cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

5155
Views
0
Helpful
2
Replies

Where do I report Zero-day and other Malware to improve the Web Security Appliance filters?

When actively scanning our network for vulnerabilities we sometimes come across zero-day or other malware exploits that connect to command and control servers on the Internet. Where can I report URL's of command and control servers to Cisco to improve the Web Security Appliance for the entire Cisco community?

At the moment we are just using the Blacklist feature in the WSA.

It would be more helpful if these C&C sites were blocked by the Cisco signatures.

1 ACCEPTED SOLUTION

Accepted Solutions
Sara Sheridan
Beginner

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

View solution in original post

2 REPLIES 2
Sara Sheridan
Beginner

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

Thanks a million Sara! I just tried out your procedure and it works flawlessly.

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards