At Cisco Talos, we need customers to be able to provide feedback at all times, whether it is about false positives, false negatives, or missed categories. Because we deal with an abundance of data across our platforms, such as IPS alerts, AMP alerts and more, feedback helps us test the efficacy of those alerts and systems promptly.
Today, there are several ways of doing this: calling Cisco Support (aka TAC), submitting a dispute through Talosintelligence.com or securityhub.cisco.com, plus a myriad of other ways, each winding up in a different "system" for Talos to deal with on our side. The days of that confusion are numbered.
We have been quietly working on a streamlined experience, not only for customers but for our own workflow as well. We asked ourselves the question, "What is the easiest way we can enable a customer to get disputes to us, handle them as fast as possible, and get that information back to the customer in the most efficient manner?"
I have submitted some requests in the past. I understand that these take time for a look-up. I honestly think that some effort should be focused on the life of a particular threat. What I mean by this is, if a threat existed either via a malware issue on a URL, or even a vulnerability, these should eventually be dropped. ISPs over time will clear out the bad stuff, and vulnerabilities are often superseded, with another patch taking their place. Some of the IPS rules can exceed 50,000. I often wonder how many of these can actually be archived to reduce the workload, both in human form as well as electronically. I realize that since Cisco and Snort merged, new technologies come. The FMC is being slowly tuned to Cisco's way of doing business, and although it will take time, there are some discrepancies I don't care for. Take for one instance – VirusTotal. If VirusTotal shows ONE out of 60+ vendors, it's considered a malware-related URL/IP. Sure, there is always "more to this", but the endpoint analyst doesn't have access to all the intelligence, and we can only assume that what Cisco/Talos says is gospel. It's a constant battle every day to sift through all these ones and zeroes. RONCO has to have a better way out there. Does this company have the edge? A solution? Who knows……
https://www.csoonline.com/article/3289706/security/review-zero-tolerance-malware-and-code-blocking-with-solebit.html#tk.rss_news
I get dozens of spam emails daily with talosintelligence as part of the From address. What is this and how do I stop it!!
It won't respond to email spam "rules".
JoAnn
@JoAnn – Please contact us at blogs-support@cisco.com so we can assist you with this.