georgerod
3 hours ago

Container Sync Interval

Why is the Container Interval limited to 1 hour as the quickest time to sync?

I need to set up a threat feed, and when I make changes to the feed in my GitHub repo or wherever it may be, I need it to sync as quickly as possible.

1 hour seems like a very long time.

2 Replies

  • PrakashRIndia

    I just posted an issue related to containers. Do you also face a similar issue, as below?

    Dear All,

    I get malicious domains and IPs to block from my regulator. Instead of manually adding IPs and domains, I created a Container and then got it to sync with raw GitHub for both IPs and FQDNs. The FQDNs and IPs are syncing correctly in CMA.

    To test, I added "linkedin.com" to the malicious domains in the container and created an Internet Firewall rule to block this container. When I browse to "linkedin.com", I get the block page, but as soon as I type "www.linkedin.com", it opens and does not get blocked. Since there is only the option of adding either an IP or an FQDN in a Cato Container, my purpose is not solved due to this limitation.

    Ideally it should block all subdomains as well, but it only blocks if the FQDN is browsed. So with this, malicious attacker URLs will not be blocked. Cato should provide an option to add "Domain" as well, along with IP and FQDN, as this is not solving the problem of blocking malicious domains based on threat feeds received from the regulator.

    Cato Product should look into this.

    • georgerod

      That seems like a separate issue, but good to know. I'll have to test that as well. You may be better off opening another discussion on that for better visibility.
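An added example, not part of the thread and not Cato's code: a feed audit that lists hostnames an exact-FQDN list would let through even though their parent domain is on the feed, which is the gap described in the reply above. It assumes exact-match behaviour as reported there; the feed text, the `bad.example` entry and the observed hostnames (as might be pulled from DNS or proxy logs) are constructed.

```python
def normalize(host):
    """Lower-case and drop a trailing dot so feed entries and lookups compare equal."""
    return host.strip().lower().rstrip(".")

def parse_feed(text):
    """Parse a one-entry-per-line feed, skipping blank lines and # comments."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.add(normalize(line))
    return entries

def exact_match(host, feed):
    """Exact-FQDN semantics: the hostname must equal a feed entry."""
    return normalize(host) in feed

def suffix_match(host, feed):
    """Domain semantics: return the feed entry equal to host or a parent of it.

    Matching is done on whole labels, so notlinkedin.com does not match linkedin.com.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate
    return None

def coverage_gaps(hosts, feed):
    """Map each host missed by exact matching to the feed entry that is its parent."""
    gaps = {}
    for host in hosts:
        parent = suffix_match(host, feed)
        if parent and not exact_match(host, feed):
            gaps[normalize(host)] = parent
    return gaps

# Constructed sample feed and observed hostnames.
FEED = "# regulator feed (constructed)\nlinkedin.com\nbad.example\n"
OBSERVED = ["linkedin.com", "www.linkedin.com", "WWW.LinkedIn.com.",
            "notlinkedin.com", "cdn.bad.example", "example.org"]

if __name__ == "__main__":
    for host, parent in sorted(coverage_gaps(OBSERVED, parse_feed(FEED)).items()):
        print(f"{host} not covered by exact entry {parent}")
```

Hostnames it reports can be added to the feed as explicit FQDN entries until a domain-type match is available.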