https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736967#M18464 <P>Hello everyone,</P><P>I recently deployed SFR module on ASA 5512-X and I am facing the following issue : One website that is used on a daily basis is blocked since we deployed FirePower services. Actually, it's been categorized as "Malware Site" with a bad reputation "High Risk".</P><P>I added this URL to a white list so it can be reached but the customer asks to gather some information on why it's been categorized like this. My question is : is there a Sourcefire or Cisco tool where we can see the history of a particular domain or IP address ?</P><P>I checked on senderbase.org but there is no information like this and I know Sourcefire doesn't use SenderBase anyway.</P><P>My guess is maybe this website has been hacked in the past and is delivering malware since.</P><P>Thanks in advance,</P><P>Vincent</P> Thu, 08 Oct 2015 11:01:29 GMT Vincent Fortrat 2015-10-08T11:01:29Z https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736967#M18464 <P>Hello everyone,</P><P>I recently deployed SFR module on ASA 5512-X and I am facing the following issue : One website that is used on a daily basis is blocked since we deployed FirePower services. Actually, it's been categorized as "Malware Site" with a bad reputation "High Risk".</P><P>I added this URL to a white list so it can be reached but the customer asks to gather some information on why it's been categorized like this. My question is : is there a Sourcefire or Cisco tool where we can see the history of a particular domain or IP address ?</P><P>I checked on senderbase.org but there is no information like this and I know Sourcefire doesn't use SenderBase anyway.</P><P>My guess is maybe this website has been hacked in the past and is delivering malware since.</P><P>Thanks in advance,</P><P>Vincent</P> Thu, 08 Oct 2015 11:01:29 GMT https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736967#M18464 Vincent Fortrat 2015-10-08T11:01:29Z https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736968#M18488 <P>I think Sourcefire uses brightcloud as a web reputation. Check how categorized is website you are accessing.</P><P>&nbsp;</P><P>http://www.brightcloud.com/tools/change-request-url-ip.php</P> Thu, 08 Oct 2015 13:49:05 GMT https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736968#M18488 alberx 2015-10-08T13:49:05Z https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736969#M18508 <P>Exactly what I was looking for ! Thanks !</P><P>Do you know if FirePower will use Cisco Security Intelligence in the future instead of Brightcloud ?</P> Thu, 08 Oct 2015 13:54:58 GMT https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736969#M18508 Vincent Fortrat 2015-10-08T13:54:58Z https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736970#M18524 <P>I don´t know any about SourceFire roadmaps. Sorry.</P> Thu, 08 Oct 2015 14:17:14 GMT https://community.cisco.com/t5/network-security/security-information-on-ip-address-or-url-in-sourcefire/m-p/2736970#M18524 alberx 2015-10-08T14:17:14Z