Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
5653
Views
0
Helpful
2
Replies

Where do I report Zero-day and other Malware to improve the Web Security Appliance filters?

Go to solution
itsecurityadministration1
Level 1
Level 1

ā€Ž03-31-2016 05:36 AM - edited ā€Ž02-20-2020 09:15 PM

When actively scanning our network for vulnerabilities we sometimes come across zero-day or other malware exploits that connect to command and control servers on the Internet. Where can I report URL's of command and control servers to Cisco to improve the Web Security Appliance for the entire Cisco community?

At the moment we are just using the Blacklist feature in the WSA.

It would be more helpful if these C&C sites were blocked by the Cisco signatures.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sara Sheridan
Level 1
Level 1

ā€Ž03-31-2016 05:52 AM

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Sara Sheridan
Level 1
Level 1

ā€Ž03-31-2016 05:52 AM

The Security Hub, a self-service portal, provides a new option for checking the reputation of URLs , and/or submitting URLs for review. All submissions made via the portal are usually reviewed within 24 hours.

  • Go to https://securityhub.cisco.com (requires login)
  • Click on URL Reputation Requests > Lookup or Submit URLs
  • Enter the URL(s) in the box provided (one per line)
  • Select Cloud Web Security > Lookup > This will show you the current reputation for each URL (e.g. Neutral if is it not being blocked)
  • From here you can submit the URL(s) for review by suggesting a different type (e.g. Malicious if you believe it should be blocked)

I hope this helps.

--

Sara

0 Helpful

Go to solution
itsecurityadministration1
Level 1
Level 1
In response to Sara Sheridan

ā€Ž03-31-2016 07:44 AM

Thanks a million Sara! I just tried out your procedure and it works flawlessly.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents