The Threat Intelligence page lists the most up-to-date data set for the Secure Workload pipeline that identifies and quarantines threats by inspecting the data center workloads against externally known malware
command and control addresses, and security flaws in processes and geographical location. From this page, you can also identify
communication from workloads to well-known malicious IPv4 addresses. The malicious IP addresses are updated every 24 hours.
You can choose to automatically update the threat intelligence data sets or manually upload the data sets to Secure Workload.
To manage threat intelligence, from the navigation pane, choose .
The Threat Intelligence page displays the updated status of threat intelligence data sets. These data sets are updated automatically.
Note
The Threat Intelligence feature requires a connection to Cisco Secure Workload servers to automatically update. Your enterprise outbound HTTP request may require:
In environments without an outbound connection, upload the data sets directly. For more information, see the Manual Uploads section.
Table 1. Data Sets

| Data set | Description |
|---|---|
| NVD CVEs | Security-related software flaws, CVSS base score, vulnerable product configuration, and weakness categorization |
| MaxMind Geo | Identification of the location and other characteristics of source IPs |
| NIST RDS | NIST Reference Data Set of digital signatures of known, traceable software applications |
| Team Cymru | Insight on 3,000+ botnet command and control IPs |
| Hash Verdict | Verdict of Secure Workload on process hashes (only available with the Automatic Updates section). |
Note
If the MaxMind Geo data set was manually uploaded in an earlier release, you must re-upload the corresponding RPM to view the location and related information on the Flow Visibility page.