Browse docs

Features

Integrated in Minutes, Without Agent or Appliance

Why Cybora uses existing external-list, alias, and threat-feed functions instead of placing a new system inside the network.

Last updated: June 26, 2026

On this page

Cybora is built as a feed service for existing firewalls. A typical integration consists of an HTTPS URL that the firewall retrieves regularly and stores in a native list, alias, External Dynamic List, or threat-feed object.

This is intentionally simple. No agent, appliance, sidecar system, or complex API integration is required inside the customer network.

Why native functions matter

Native firewall functions have several advantages:

  • they fit into existing operations and change processes
  • they are monitored and updated by the firewall vendor
  • they are visible and understandable to admins
  • they do not require an additional network component
  • they integrate with existing policies, logs, and backups

Cybora delivers the feed. Enforcement happens on the firewall wherever the platform natively supports external lists.

Typical workflow

The technical workflow is usually similar:

  1. Copy the feed URL with the license key.
  2. Choose the relevant indicator type: ipv4, domain, or url.
  3. Add the URL to the firewall’s native list function.
  4. Set the polling interval according to the plan.
  5. Reference the list in a policy.
  6. Verify retrieval, import, and matches in logs.

Firewall-specific details are documented in the guides under Firewalls.

Limits

Not every firewall supports every indicator type equally well. Some platforms process IP lists very well, but cannot enforce URL lists from an external source. Feed type and firewall function must therefore fit together. More about this is documented in IPv4, Domains, and URLs.