Request a Security Reclassification for a Domain

Available Languages

Download Options

  • PDF     (142.4 KB)
    View with Adobe Reader on a variety of devices
Updated:September 12, 2025
Document ID:224920

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to sumbit a request to have a domain reviewed for reclassification.

    Background Information

    You can come across a domain that needs its security classification reviewed. We welcome feedback on whether a domain needs to be reclassified as malicious or benign, and you can contact the Support team directly from the dashboard. The Security Research team reviews security classifications.

    These scenarios can make you want to report a domain for reclassification:

    • A False Positive—You believe that a domain has been incorrectly categorized as malicious when it is not.
    • A False Negative—You believe that a domain is incorrectly categorized as benign when it is actually malicious.
    note-icon

    Note: Do not use this for content categorizations. If you believe a domain is incorrectly categorized for content (see Understanding Content Categories), please email umbrella-support@cisco.com.

    How to Report a Domain

    Reporting a domain through the Dashboard is easy if you have a couple that requires a review, but could be a hassle if you have more. You can also find instructions in this article: Rapid No-Reply Umbrella Security Review Requests  if you prefer to email our Security Team with one more more domains to review.

    To proceed with submitting domains for reclassification on the Dashboard:

    1. Navigate to Reporting > Core Reports <Activity Search>.
    2. Generate a report and click a domain.

      Activity Search page360078966812

    3. Click Suggest Security Categorization.

      Suggest Security Categorization page360078966852

    4. In the Request Security Reclassification box, let us know why the domain needs to be reclassified. For example, "This domain needs to be blocked due to Command and Control Callback activity". Provide as much information as possible.

      Request Security Reclassification dialog360079096031

    5. Click Send.

    Your request opens a ticket with us that is reviewed as soon as possible.

    Revision History

    Revision Publish Date Comments
    1.0
    17-Sep-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products