Hi Cisco Support,
Our problem is that the attacker attached a picture file and when the user click that picture, it will redirect to a certain shorten url link which hides the real URL and download a malicious file. We found out that the attacker uses goo.gl.com so that ironport has positive scan. We want to automate a filter if other attackers will use other URL shorten link server instead goo.gl.com. We opened a Cisco TAC case but it didn't work about regular expressions. Kindly help us on how to block shorten URL links.
Thank you and best regards!
