Cisco WSA and Cisco Threat Response Feed Integration
I have been playing a bit with Cisco Threat Response (CTR) in the context of improving / speeding up our response processes and in particular have been a bit excited with the CTR Intelligence piece where I could create an Indicator List containing Malicious Judgments and convert this to a feed which could be shared to interested parties/devices. In my case I would be looking to have WSA ingest am External URL Category Feed of domain names we identified as malicious in CTR hosting 0-day phish content which penetrated our e-mail security for whatever reason and AMP/Firepower/WSA/Umbrella have not yet seen/blocked.
Unfortunately the CTR feed is a txt file with a new domain on each line (which is firepower compatible) but the WSA requires that each domain be in a csv file with a new domain on each line separated by a comma, furthermore WSA URL cannot have special characters such as ? in the path which really limits trying to use a serverless conversion service.
Has anyone used CTR feeds in WSA and how did you go about completing the integration?
BenefitsDocumentationPrerequisiteImage Download LinksSupported PlatformsLimitationsLicense RequirementsTopologyStep-by-step ConfigurationConfigure PATCreate Custom ZonesCreate Class MapCreate the Policy-mapCreate Zone PairAssign the Interfaces to the Zone...
Listen: https://smarturl.it/CCRS9E20Follow us: https://twitter.com/CiscoChampion
With over one trillion email scams per year, more than 22 billion records were exposed by data breaches in 2021. Phishing attacks are clearly on the rise, and they’re e...
Radius server configuration for 802.1X
Server radius test1
Address ipv4 10.1.1.1
Server radius test2
Address ipv4 10.1.1.2
aaa group server radius TEST-gr
server name test1
server name test2
Umbrella’s cloud-delivered firewall (CDFW) is a cool features that provides Firewall Services in the Cisco Umbrella Cloud without the need to deploy on-premises firewall devices and visibility and control for internet traffic across all branch offices. To...