The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To manage threat intelligence, in the left navigation pane, click .
The Threat Intelligence feature provides the most up-to-date datasets for the Secure Workload pipeline that identifies and quarantines threats by inspecting the datacenter workloads against externally known malware command and control addresses, security flaws in processes and geographical location.
The Threat Intelligence dashboard displays the updated status of threat intelligence datasets. These datasets are updated automatically.
 Warning |
The Threat Intelligence feature requires a connection to Cisco Secure Workload servers to automatically update. Your enterprise outbound HTTP request may require:
In environments without an outbound connection, upload the datasets directly. See the Manual Uploads section. |
|
Dataset |
Description |
|---|---|
|
NVD CVEs |
Security related software flaws, CVSS base score, vulnerable product configuration, and weakness categorization |
|
MaxMind Geo |
Identification of the location and other characteristics of source IPs |
|
NIST RDS |
NIST Reference Data Set of digital signatures of known, traceable software applications |
|
Team Cymru |
Insight on 3,000+ botnet command and control IPs |
|
Hash Verdict |
Verdict of Secure Workload on process hashes (only available with the Automatic Updates section). |
 Note |
In case the MaxMind Geo dataset is manually uploaded in an earlier release, you must reupload the corresponding RPM to view the location and related information on the Flow Visibility page. |
The threat dataset updates are triggered from the appliance to synchronize with the global dataset that is hosted on the Internet at uas.tetrationcloud.com, everyday between 3-4 a.m. UTC. The global dataset is refreshed weekly on Fridays or Mondays. The Threat Intelligence dashboard lists the datasets and the date on which the dataset is last updated.
Attention |
Scheduling Manual Uploads—Dataset RPM files are published to Secure Workload Update Portal weekly. It is recommended to install the latest releases periodically by configuring a schedule for an administrator. |
The datasets can be downloaded from Secure Workload Update Portal.
To upload dataset RPM files:
Log in as a Site Administrator or Customer Support.
|
Step 1 |
In the left navigation pane, click . |
|
Step 2 |
Under the Upload Threat Dataset section, click Select Supplemental RPM. |
|
Step 3 |
Upload the RPM file downloaded from Secure Workload Update Portal. |
|
Step 4 |
Click Upload. |
Feedback