Automatically Add to Blocklist When Rule is Hit

I have a client who has migrated from a Watchguard firewall to a Sophos XG310. One of the features they have requested is as follows:

We own a CIDR of IP addresses, for example: 1.1.1.0/28 ranging from 1.1.1.1-1.1.1.14

We would like to set up a "honeypot" of sorts. The IP address 1.1.1.2 in this example is completely unused. There are no services running on that IP and there is no chance that a valid client will access it. What we would like to do is automatically add any IP address which hits 1.1.1.2 in any way to a global blocklist as this behavior is only indicative of somebody snooping around what they don't need to access.

Is this possible?



This thread was automatically locked due to age.
  • Hello,

    I think it is possible using external services only.

    For example external syslog triggering REST-API.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
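
The syslog side of the "external syslog triggering REST-API" approach suggested in the reply could look like the following. This is an added example, not code from the thread or from Sophos. It assumes the firewall forwards key=value log lines with `src_ip` and `dst_ip` fields, and `push` is a hypothetical callback standing in for whatever firewall API call adds a host to the blocklist. The sample log lines are constructed.

```python
import ipaddress
import re

HONEYPOT = ipaddress.ip_address("1.1.1.2")      # unused address from the question
OWN_NET = ipaddress.ip_network("1.1.1.0/28")    # the client's own range, never blocked
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')         # key=value pairs (assumed log layout)

SAMPLE_LOG = [  # constructed lines, not real firewall output
    '<30>device="SFW" log_type="Firewall" src_ip=203.0.113.7 dst_ip=1.1.1.2 protocol="TCP" dst_port=22',
    '<30>device="SFW" log_type="Firewall" src_ip=198.51.100.23 dst_ip=1.1.1.5 protocol="TCP" dst_port=443',
    '<30>device="SFW" log_type="Firewall" src_ip=1.1.1.9 dst_ip=1.1.1.2 protocol="ICMP"',
    '<30>device="SFW" log_type="Firewall" src_ip=203.0.113.7 dst_ip=1.1.1.2 protocol="UDP" dst_port=161',
    '<30>device="SFW" log_type="Firewall" src_ip=192.0.2.44 dst_ip=1.1.1.2 protocol="TCP" dst_port=3389',
    'garbled line without addresses',
]

def parse_fields(line):
    """Return the key=value pairs of one syslog line as a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def honeypot_sources(lines, allowlist=()):
    """Source IPs that sent anything to the honeypot, minus own and allowlisted ranges."""
    allowed = [OWN_NET] + [ipaddress.ip_network(n) for n in allowlist]
    hits = set()
    for line in lines:
        f = parse_fields(line)
        try:
            src, dst = ipaddress.ip_address(f["src_ip"]), ipaddress.ip_address(f["dst_ip"])
        except (KeyError, ValueError):
            continue  # malformed or unrelated line
        if dst == HONEYPOT and not any(src in net for net in allowed):
            hits.add(src)
    return [str(a) for a in sorted(hits, key=lambda a: (a.version, int(a)))]

def sync_blocklist(lines, known, push, allowlist=()):
    """Call push(ip) once per new offender; `known` holds addresses already blocked."""
    new = [ip for ip in honeypot_sources(lines, allowlist) if ip not in known]
    for ip in new:
        push(ip)       # hypothetical: wraps the firewall's API call
        known.add(ip)
    return new

if __name__ == "__main__":
    print(sync_blocklist(SAMPLE_LOG, set(), lambda ip: None))
```

The allowlist matters because source addresses on UDP and ICMP can be spoofed, so ranges such as monitoring services or upstream providers should be excluded before anything is blocked automatically.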
