10-08-2015 04:01 AM
Hello everyone,
I recently deployed SFR module on ASA 5512-X and I am facing the following issue : One website that is used on a daily basis is blocked since we deployed FirePower services. Actually, it's been categorized as "Malware Site" with a bad reputation "High Risk".
I added this URL to a white list so it can be reached but the customer asks to gather some information on why it's been categorized like this. My question is : is there a Sourcefire or Cisco tool where we can see the history of a particular domain or IP address ?
I checked on senderbase.org but there is no information like this and I know Sourcefire doesn't use SenderBase anyway.
My guess is maybe this website has been hacked in the past and is delivering malware since.
Thanks in advance,
Vincent
Solved! Go to Solution.
10-08-2015 06:49 AM
I think Sourcefire uses brightcloud as a web reputation. Check how categorized is website you are accessing.
http://www.brightcloud.com/tools/change-request-url-ip.php
10-08-2015 06:49 AM
I think Sourcefire uses brightcloud as a web reputation. Check how categorized is website you are accessing.
http://www.brightcloud.com/tools/change-request-url-ip.php
10-08-2015 06:54 AM
Exactly what I was looking for ! Thanks !
Do you know if FirePower will use Cisco Security Intelligence in the future instead of Brightcloud ?
10-08-2015 07:17 AM
I don´t know any about SourceFire roadmaps. Sorry.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide