Sophos Firewall Integration

Step-by-step guide to configuring the ThreatHive blocklist

Integration Steps
  1. Log In: Access your Sophos Firewall web admin console.
  2. Go to Threat Feeds: Navigate to Active Threat Response > Third-party Threat Feeds.
  3. Add a New Feed: Click Add to create a new feed.
  4. Enter Feed Details:
    • Name: ThreatHive_Blocklist
    • Action: Block (or Monitor for testing)
    • Position: Top
    • Indicator Type: IPv4 address
    • Feed URL: https://threathive.net/hiveblocklist.txt
    • Authorization Type: No authentication
    • Validate Server Certificate: Optional
    • Polling Interval: 15 minutes
  5. Test & Save:
    • Click Test Connection to verify the feed
    • If successful, click Save
  6. Monitor: Navigate to Logs & Reports > Threat Indicators to review matches, false positives, and blocked traffic.