Cisco Umbrella gives you the ability to report a domain for reclassification for security within the Umbrella Activity Search. This extra functionality lets you give feedback about whether a domain, IP or URL should be reclassified as malicious (or not) directly to Cisco within the product itself.
The following scenarios might make you want to submit a domain for reclassification:
- A False Positive—You may believe that a domain has been incorrectly categorized as malicious when it is not.
- A False Negative—You may believe that a domain is incorrectly categorized as benign when it is actually malicious.
Submitted domains are reviewed by the Security Research Team (SRT), which my result in the domain being blocked or unblocked.
How to report a domain
- Navigate to Reporting > Core Report > <report>. This can be Activity Search or any other report which allows you to click a destination.
- Generate a report and then click a destination.
- Click Suggest Security Categorization.
- In the Request Security Reclassification modal, provide information that is pertinent to the domain. For example, "This domain should be blocked due to Command and Control Callback activity" or "This domain should be unblocked as it is used for an ____ website". This information helps our Security Research Team (SRT) categorize the site efficiently.
- Click Send.