Cisco Umbrella gives you the ability to report a domain for reclassification for security within the Umbrella Activity Search. This extra functionality lets you give feedback about whether a domain, IP or URL should be reclassified as malicious (or not) directly to OpenDNS within the product itself.
The two scenarios that will come up to submit a domain for reclassification are:
- A False Positive - Where a user may believe that a domain has been incorrectly categorized as malicious when it is not.
- A False Negative - Where a user may believe that a domain is incorrectly categorized as benign when it is actually malicious.
Submitting a domain will have it be reviewed by the Security Research Team (SRT) which will either lead it to being blocked or unblocked.
1. Get into the Core Report for the domain of your choice. This can either be done from the Activity Search, or any other menu which allows you to click on a domain.
2. Click on "Suggest Security Categorization" and submit any comments for the re-classification:
Provide a note that is most pertinent to the domain, such as "This domain should be blocked due to Command and Control Callback activity" or "This domain should be unblocked as it is used for an ____ website". Having this information will help our Security Research Team (SRT) categorize the site efficiently.