Sometimes you may want to quickly block a scanning/probing IP address without having to deal directly with the Access Control Policy. This can be done in the FMC within the Events view. Go to Analysis -> Connections -> Events
Depending on volume of traffic, you may have to click ‘Edit Search‘ and look by Initiator or Responder IP. Once found, right-click on the IP address and select ‘Blacklist IP Now‘ and confirm,
In the Events window, you will notice the Action change to Block with the Reason showing IP Block. To verify, go to Objects -> Object Management and click ‘Network Lists and Feeds‘
Click Global-Blacklist and locate the IP address that was added.
From this window, you can easily remove the IP address if necessary and Save the file.