Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1317
Views
15
Helpful
0
Comments

Cisco Threat Awareness Service - Frequently Asked Questions

Edan Mudachi
Cisco Employee
Cisco Employee

‎01-29-2016 10:02 AM - edited ‎02-21-2020 10:01 PM

     

    What is the Cisco Threat Awareness Service?

    The Cisco Threat Awareness Service (CTAS) is a portal-based threat intelligence service that enhances threat visibility by making broad, foundation based security information accessible 24 hours a day for Smart Net Total Care (SNTC) customers.

     

    What is the difference between the basic and premium support offering?

    Feature Base Offering Premium Offering
    Support Community TAC
    Cost Included with STNC Additional for-fee service
    Portal Access 24x7 24x7
    Daily Updates Yes Yes
    Domain Names Limited to 3 Unlimited
    /24 Address Blocks Limited to 3 (or 768 in total) Unlimited (with a maximum of /16 per entry)
    Exposed Services Open Services Open Services, Vulnerable Services
    Malicious Activity IP Addresses IP Addresses, Domains, URLs
    DNS Observations Unexpected DNS Names Unexpected DNS Names, Observed DNS Resolvers
    Suspicious DNS Requests N/A DNS Requests to well-known malicious sites

    Table: CTAS Support Offering Feature Comparison

     

    Why does it say ‘pending’ next to my domains or IPs?

    The ‘pending’ status means that the domain or IP has not yet been authorized, and is not yet being monitored.

     

    How long will it take for my domain to be authorized?

    As soon as your admin completes the authorization process, either by email or DNS cookie, the domain will show a status of ‘confirmed’.

     

    The domain or IP is authorized, but I do not see any threat information against it.

    Once authorized, please allow 24 hours for the Cisco Threat Awareness Service to perform a threat analysis.

     

    How are the email addresses for email authorization obtained?

    The email addresses are found in the publicly available ‘whois’ information for the queried domain.

     

    How long does it take for a domain or IP to be analyzed for threats?

    After the domain has been authorized and goes into ‘confirmed’ state, it will take 24 hours for threat analysis to be performed.

     

    Can I filter for certain values in my charts?

    Yes, click on the filter icon in the top right of the chart. From here you can choose to filter the data using one or more of the following fields; IP Address, Protocol, Port, Category, or Observed Date.

     

    Can I export the data in my charts?

    Yes, click on the export icon in the top right of the chart. Here you will find the option to download the data in CSV file format, or to send the exported data via email (with a CSV attachment).

     

    How do I access the Smart Net Total Care (SNTC) portal?

    The Smart Net Total Care (SNTC) portal is available at: https://tools.cisco.com/smartservices

    Please follow the registration instructions to obtain access: https://tools.cisco.com/squish/260D9

     

    I can access the SNTC portal, but I cannot see CTAS.

    The Cisco Threat Awareness Service is enabled for all users. After logging into the STNC portal, it is found in the left hand menu under Library > Security > Threat Awareness Service.  

    Note - The left hand menu may contain a number of other items. If "Threat Awareness Service" is not present, please contact Support for assistance.

     

    How do I resolve the “you need to obtain approval from the Designated Admin” error?

    The Designated Admin (DA) of the company needs to use the Cisco Services Access Management Tool (http://tools.cisco.com/CDCEB) to grant you “CTAS User Role” privileges.

     

    I'm unable to register an IP address or IP range.

    CTAS does not support dynamically assigned addresses or ranges. Please confirm the IP address is correctly registered to the domain you are attempting to register. You can confirm this by doing a whois lookup on the IP or domain at http://www.whois.net

     

    I have added the DNS cookie but the service has not authorized the domain.

    Verify the DNS cookie by using the nslookup command line tool (Windows):

    C:\>nslookup -q=TXT cisco.com
    Server: 10.10.10.10
    Address: 10.10.10.10#53
    cisco.com   text = "cisco-site-verification=4b83f0hc-7eac-4c34-9fd9-1f3440g06b51"

     

    Does the Cisco Threat Awareness Service monitor my network?

    CTAS does not monitor any customer networks. Information provided comes from Cisco’s threat intelligence databases.

     

    How do you know about my DNS lookups?

    We have aggregated information about DNS lookups at the root server level. This is the basis of the DNS information provided by the Cisco Threat Awareness Service.

     

    What is a suspicious DNS lookup?

    A suspicious DNS lookup is a DNS resolution request for a site that is known to exhibit malicious behaviors. A DNS lookup is assumed to be followed by a connection request, and is usually an indication of an end host attempting to contact a malicious domain.

     

    Does the Cisco Threat Awareness Service attempt to resolve threats?

    No, the Cisco Threat Awareness Service is a monitoring service that provides an exposure footprint for the monitored network.

    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents