I have an active channel which populates a list of malicious IPs, and it keeps updating itself.
My requirement is to have a rule populated every time an internal IP interacts with one of the IPs in the list.
I wanted to know how to do it.
My thoughts are:
Have the list of IPs from the active channel populated to a dynamic active list.
Have a rule to check the network traffic with the list present in the active list.
Will this work?
Or would there be an easier way of achieving this?