Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

5156
Views
0
Helpful
2
Replies
itsecurityadministration1
Beginner
Beginner
ā€Ž03-31-2016 05:36 AM
ā€Ž03-31-2016 05:36 AM

Where do I report Zero-day and other Malware to improve the Web Security Appliance filters?

When actively scanning our network for vulnerabilities we sometimes come across zero-day or other malware exploits that connect to command and control servers on the Internet. Where can I report URL's of command and control servers to Cisco to improve the Web Security Appliance for the entire Cisco community?

At the moment we are just using the Blacklist feature in the WSA.

It would be more helpful if these C&C sites were blocked by the Cisco signatures.

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Sara Sheridan
Beginner
Beginner
ā€Ž03-31-2016 05:52 AM
ā€Ž03-31-2016 05:52 AM

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

View solution in original post

0 Helpful
2 REPLIES 2
Sara Sheridan
Beginner
Beginner
ā€Ž03-31-2016 05:52 AM
ā€Ž03-31-2016 05:52 AM

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

0 Helpful
itsecurityadministration1
Beginner
Beginner
In response to Sara Sheridan
ā€Ž03-31-2016 07:44 AM
ā€Ž03-31-2016 07:44 AM

Thanks a million Sara! I just tried out your procedure and it works flawlessly.

0 Helpful
Latest Contents
Network Security All-in-one ASA FTD WSA Umbrella ISE VPN Lay...
Created by Meddane on 05-17-2022 06:18 AM
2
0
2
0
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi... view more
Understanding IP Layer Enforcement on Cisco Umbrella
Created by Meddane on 05-17-2022 03:10 AM
0
0
0
0
Cisco Umbrella is a big DNS service that provides not only the DNS resolution but also if the hosted website is trust or malicious, the idea behind the Layer DNS Security is that the modern attacks uses the DNS in the first step either to redirect the use... view more
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards