CTAS Installation

rharrison · ‎07-11-2016

Hello,

When installing Cisco Threat Awareness in the SNTC portal, what is the security procedure for Cisco to validate our domains and what type of domains are needed. Example: Is just one IP address needed or is a Fully Qualified Domain Name like sigmanet.com needed?

Thank you,

Ryan Harrison

David Stought · ‎07-12-2016

Hello Ryan,

When registering an IP address or domain within CTAS there are two methods of validation (email and DNS cookie).

For the email method the system will look up the owner of the network resource being registered and provide the user with one or more email addresses to notify. Emails are sent to the owners providing them information about the request to use the specified network resource for the CTAS service and instructions on how to authorize their use.

For the DNS cookie method the user is provided a cookie which needs to be added as a TXT record to the appropriate DNS zone. The system will continually check for the existence of the TXT record to validate network resource ownership and authorization.

The network resource must be authorized before CTAS begins retrieving threat intelligence data for the network resource. For the base service the user can register up to 3 domains and 768 IP addresses and has access to a subset of available views. I recommend registering at least one IP address as the majority of the available views in the base service are focused on IP addresses. The premium service allows for unlimited domains and IP addresses and access to all views. Domains are expected to be Fully Qualified Domain Names such as sigmanet.com.

Regards,

David Stought