Introduction
This document describes how to submit a ticket if you believe a domain, URL, IP, or file hash categorization reported in Cisco Umbrella is incorrect.
Overview
Categorization data for Cisco Umbrella and many other Cisco products is handled by Cisco Talos. The Cisco Talos team reviews categorization requests. The Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world.
Note: If a domain or URL categorization is currently causing a P1/URGENT issue in your production environment, please open a support case directly with the Cisco Umbrella support team with the domain/URL in question along with details on the urgency.
Submitting A Request (Activity Search)
You can now submit a request related to Security or Content Categories via the Umbrella Dashboard. For more details, see "Dispute a content categorization" in the Umbrella documentation.
Navigate to Reports > Core Reports > Activity Search and find the relevant request (DNS or Web). Click the action menu and choose View Full Details. Click Dispute Categorization.
When raising a dispute, you are prompted to select either "Security" or "Content" categorization. It is important to select the correct type (based on the category you wish to change) to route the ticket to the appropriate team.
To view the status of this ticket, you can also use the 'My Tickets' portal on talosintelligence.com. See Managing Submissions.
Submitting A Request (Talos Reputation Center)
It is also possible to submit a request directly to the Cisco Talos Reputation Support Center. Depending on the type of category being requested for review, please submit the dispute to the respective queue:
- Security categories = Submit a Web & Email Reputation Support Adjustment
- Content Category = Submit a Web Categorization Request
- File Inspection hashes = Submit a File Reputation ticket option
Note: A Cisco.com account is required to submit and track cases. If you are not signed in, you are redirected to the login page. Accounts are free to create, and if you have other Cisco products you could already have a Cisco.com account.
Enter the domain, URL, IP, or file hash entries (up to 50) and click Get Category Data to view their current categorization.
For each entry, select the categorization tag you are suggesting and enter comment details supporting the request. To ensure it gets applied to the right platform, please select "Umbrella" from the platform list or click "bulk select platform" to change all entries to "Umbrella".
Note: If the option for Umbrella is not available, please select TalosIntelligence as the alternative.
The Umbrella option is not available if your Cisco.com (CCO) account is not associated with a Cisco Umbrella contract. To associate licensing contracts with your CCO account, please refer to identity.cisco.com.
After filling in the desired entries and fields, click Submit. You are redirected to a submission confirmation message on the "My Tickets" dashboard.
Managing Submissions
You can view the progress and resolution of cases submitted to the Talos team through "My Tickets".
Selecting a ticket number opens further details on the case, such as status, resolution, and comments from the Talos team.
Note: If you run into any issues with the submission, please contact Cisco Talos using the "Email Support Regarding this Ticket" button. After submitting your ticket, please allow a few minutes to pass before accessing this function.