Cisco WSA and Cisco Threat Response Feed Integration
I have been playing a bit with Cisco Threat Response (CTR) in the context of improving / speeding up our response processes and in particular have been a bit excited with the CTR Intelligence piece where I could create an Indicator List containing Malicious Judgments and convert this to a feed which could be shared to interested parties/devices. In my case I would be looking to have WSA ingest an External URL Category Feed of domain names we identified as malicious in CTR hosting 0-day phish content which penetrated our e-mail security for whatever reason and AMP/Firepower/WSA/Umbrella have not yet seen/blocked.
Unfortunately the CTR feed is a txt file with a new domain on each line (which is Firepower compatible) but the WSA requires that each domain be in a csv file with a new domain on each line separated by a comma. Furthermore, the WSA URL cannot have special characters such as ? in the path, which really limits trying to use a serverless conversion service.
Has anyone used CTR feeds in WSA and how did you go about completing the integration?
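Added example, not part of the original post and not Cisco code: a sketch of the conversion step the post describes, turning a one-domain-per-line feed into CSV rows while rejecting anything that is not a plain hostname, so a malformed line cannot add stray fields to the block list. The `address,site` row layout, the function names and the sample feed are assumptions; check the row format against your WSA version.

```python
import re

# Hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_domain(raw):
    """Return a lower-cased hostname, or None if the line is not a plain domain."""
    entry = raw.strip().lower().rstrip(".")
    if not entry or entry.startswith("#"):
        return None
    if len(entry) > 253 or "." not in entry:
        return None
    if not all(_LABEL.match(label) for label in entry.split(".")):
        return None  # URLs, commas, spaces, wildcards etc. are refused, not guessed at
    return entry

def ctr_txt_to_wsa_csv(feed_text, address_type="site"):
    """Convert one-domain-per-line text to CSV rows; returns (csv_text, rejected).

    address_type is an assumption about the WSA row format ("address,type").
    """
    seen, rows, rejected = set(), [], []
    for line in feed_text.splitlines():
        domain = normalize_domain(line)
        if domain is None:
            stripped = line.strip()
            if stripped and not stripped.startswith("#"):
                rejected.append(stripped)  # keep for review instead of dropping silently
            continue
        if domain not in seen:  # de-duplicate after case normalisation
            seen.add(domain)
            rows.append(f"{domain},{address_type}")
    return "\n".join(rows) + ("\n" if rows else ""), rejected

# Constructed sample input, not real indicators.
SAMPLE_FEED = """\
# constructed sample feed
login-portal.example.net
LOGIN-PORTAL.example.net
mail.example.org.
http://bad.example.com/path?x=1
exa mple.com
"""

if __name__ == "__main__":
    csv_text, rejected = ctr_txt_to_wsa_csv(SAMPLE_FEED)
    print(csv_text, end="")
    print("rejected:", rejected)
```

Writing the result to a static file served at a plain path keeps the feed URL free of characters such as `?`, which the post notes the WSA does not accept.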