Managing ThreatGroups

If the Distributed Cloud Firewall (DCF) feature is disabled, ThreatGroups are not available.

The Default ThreatGroup can be used in DCF rules to ensure that traffic meeting the ThreatGroup criteria is blocked. When traffic triggers that rule, its DCF rule references are shown on the Groups > ThreatGroups tab.

The Default ThreatGroup is regularly updated with data from the Proofpoint Global Threat Database.

You cannot have a ThreatGroup as both a source and a destination in a DCF rule.

Viewing ThreatGroup Details

You can click the Default ThreatGroup name in the list to view its IPs/CIDRs and Rule References in the right-hand pane.

threatgroup detail