Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1179
Views
0
Helpful
5
Replies

Category for web mismatch Talos/device

SupportAC
Level 1
Level 1

‎07-29-2019 02:06 AM - edited ‎07-29-2019 04:32 AM

Hi,

 

We realised that the web "scandinavia.com.pl" is being categorized as "porno" by TALOS. So this is OK.

But in our WSA is "Uncategorized URL". Why our WSA is not categorizing this web as "porno"?

 

2.pngscandinavia.png

 

We run the command "updatenow" just in case that the issue is in the old web database. But its still showing like this. What line is related to web categorization TALOS?

 

Name: S390
Product: Cisco S390 Web Security Appliance
Model: S390
Version: 11.5.1-115
Build Date: 2018-08-27
Install Date: 2018-08-27 20:46:31
RAID Status: Optimal
RAID Type: 10
BMC: 2.00
Cisco DVS Engine: 1.0 (Never Updated)
Cisco DVS Malware User Agent Rules: 0.554 (Never Updated)
Cisco DVS Object Type Rules: 0.554 (Never Updated)
Cisco Trusted Root Certificate Bundle: 1.5 (Wed Nov 07 15:16:34 2018)
Cisco Certificate Blacklist: 1.3 (Wed Sep 26 17:04:42 2018)
L4 Traffic Monitor Anti-Malware Rules: 1564387571 (Mon Jul 29 12:39:18 2019)
Cisco Web Usage Controls - Web Categorization Engine: 3.0.0.062 (Sat Feb 02 15:15:41 2019)
Cisco Web Usage Controls - Web Categorization URL Keyword Filters: 1312487822 (Sat Feb 02 15:15:41 2019)
Cisco Web Usage Controls - Web Categorization Prefix Filters: 1564323672 (Sun Jul 28 16:36:47 2019)
Cisco Web Usage Controls - Web Categorization Categories List: 1554324016 (Thu Apr 04 16:18:29 2019)
Cisco Web Usage Controls - Dynamic Content Analysis Engine: 2.1.0-016 (Never Updated)
Cisco Web Usage Controls - Dynamic Content Analysis Engine Data: 3.1.0001 (Never Updated)
Cisco Web Usage Controls - Application Visibility and Control Engine: 1.1.0-076 (Never Updated)
Cisco Web Usage Controls - Application Visibility and Control Data: 1.1.0.56-001 (Thu May 23 17:03:02 2019)
Web Reputation Engine: 3.0.0.062 (Sat Feb 02 15:15:41 2019)
Web Reputation IP Filters: 1564323400 (Sun Jul 28 16:36:48 2019)
Web Reputation Rules: 1563212459 (Tue Jul 16 16:29:09 2019)
Web Reputation Prefix Filters: 1564323672 (Sun Jul 28 16:36:47 2019)
Webroot Anti-Malware Engine: 2.1.5.8 (Never Updated)
Webroot Engine Definition: 2.1.5.8 (Never Updated)
Webroot Malware Categories DATs: 4254 (Mon Jul 29 12:45:29 2019)
Sophos Engine: 3.2.07.376.0_5.64 (Wed Jul 17 17:01:18 2019)
Sophos IDE: 2019072902 (Mon Jul 29 12:39:19 2019)
Advanced Malware Protection - Cloud Configuration and Settings: 1.0.0-114 (Sat Sep 29 16:13:09 2018)
Advanced Malware Protection - Engine Definition: 1.0
Cisco Internal Certificates - Advanced Malware Protection: 1.0.0-101 (Wed Sep 26 17:04:09 2018)

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎07-29-2019 05:11 AM

below are the related to reputation.

 

Web Reputation Engine: 3.0.0.062 (Sat Feb 02 15:15:41 2019)
Web Reputation IP Filters: 1564323400 (Sun Jul 28 16:36:48 2019)
Web Reputation Rules: 1563212459 (Tue Jul 16 16:29:09 2019)
Web Reputation Prefix Filters: 1564323672 (Sun Jul 28 16:36:47 2019)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee

‎07-29-2019 03:29 PM

Hi There,

 

The URL scandinavia.com.pl, were getting last update few hours a go (possibly categorised it as the categorisation that you see right now), this will takes times to populate globally (1 - 4 hours) and also depending on whether your WSA scanning engines are getting the very latest incremental updates or not.

 

In this case, you need to make sure below are getting the very up to date updates (showing the latest dates):

Cisco Web Usage Controls - Web Categorization Prefix Filters

Web Reputation Prefix Filters

Web Reputation IP Filters

 

As of this minute, below are the latest versions:

prefixcat: 1564425183, rule: 1564423719, categories: 1554324016, keyword: 1312487822, ip: 1564438528
 
Regards
Handy
0 Helpful

Handy Putra
Cisco Employee
Cisco Employee

‎07-29-2019 03:29 PM

Hi There,

 

The URL scandinavia.com.pl, were getting last update few hours a go (possibly categorised it as the categorisation that you see right now), this will takes times to populate globally (1 - 4 hours) and also depending on whether your WSA scanning engines are getting the very latest incremental updates or not.

 

In this case, you need to make sure below are getting the very up to date updates (showing the latest dates):

Cisco Web Usage Controls - Web Categorization Prefix Filters

Web Reputation Prefix Filters

Web Reputation IP Filters

 

As of this minute, below are the latest versions:

prefixcat: 1564425183, rule: 1564423719, categories: 1554324016, keyword: 1312487822, ip: 1564438528
 
Regards
Handy
0 Helpful

SupportAC
Level 1
Level 1
In response to Handy Putra

‎07-29-2019 11:26 PM

SO looking in my previous update with all update versions. I would like to know what is the "packet" related to URL categories. In order to confirm if these categories are being updated. thanks

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to SupportAC

‎07-30-2019 12:11 AM

Not sure why this has been not updated.

 

Web Reputation Engine: 3.0.0.062 (Sat Feb 02 15:15:41 2019)

 

just compared my live box, it was aorund 15th July 2019 was the latest, same version though.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents