We are currently working on a few firewall plugins, and were wondering if anyone has any suggestions around them.
Right now we’re nailing down the “block host” use case. This means if anyone sees a malicious indicator of compromise, and it’s associated with an IP, we block that IP.
What I was wondering… does anyone here have firewall products they use often and would like to see an integration with? Does anyone have any other use cases they’d like to see covered?
If you have any other suggestions around firewalls, feel free to post those here too!
A plugin for the Cisco ASA firewall would be useful. It has a built-in ‘shun’ command for blocking inbound traffic from attacking hosts:
For preventing outbound connections to malicious hosts you’d need to do something else, however. Customers with Firepower devices could potentially use a plugin that added the malicious external IP to a Security Intelligence Feed or List (if there’s a suitable API for doing that).
Thanks for the feedback. We’ve got that plugin on the roadmap, but the example API call is super helpful. We’ll get on that very soon!
Palo Alto firewalls please!
@jared_boulden – We do have an InsightConnect Plugin with Palo Alto PAN-OS.
Check it out @ https://extensions.rapid7.com/extension/palo_alto_pan_os