There is more information about this topic in the documentation section: Detect and react to a Shellshock attack
. There you have an example of an active response used for IP blocking.
As Natassia said, the command iptables --list -n
can show you in the agent what is the current list of IP addresses in its firewall drop list.
But you can't see this information from your manager for every agent. One workaround could be configuring a remote command and executing it. See Command monitoring
for more details.