New URL filtering category/feature for new domains (less then 24hr)

Highlighted
L3 Networker

New URL filtering category/feature for new domains (less then 24hr)

Please vote if you see this useful.

This would enable a category that would scope domains deployed with a life-time less then 24hrs. 

 

Block new Domains created under 24 hour Block new Domains created under 24 hours old
FR ID: 7321

L7 Applicator

Re: New URL filtering category/feature for new domains (less then 24hr)

Wouldn't it make more sense if you simply block category "unknown", or if a block is not possible it you could use "continue" (this way at least malware is prevented from communicating)?

To be honest, this FR seams to be old, really, really old because of the low ID, so the chances for this FR are pretty low
L7 Applicator

Re: New URL filtering category/feature for new domains (less then 24hr)

@vsys_remo,

The request seems to be gaining popularity recently, but you're right we have other ways of getting around this so the likelihood of this gaining enough votes to be implemented is unlikely. 

L6 Presenter

Re: New URL filtering category/feature for new domains (less then 24hr)

I agree with @vsys_remo Seems really burdensome to have to track, catalog, and account for the age of a new domain.  Only to have it moved to an already existing category (Unknown) after 24 hours.  

 

Maybe a better way would be to try to enhance PAN-DB's or Brightcloud's "live/on the spot" categorization functionality?

L3 Networker

Re: New URL filtering category/feature for new domains (less then 24hr)

This was just implemented according to my SE.

L3 Networker

Re: New URL filtering category/feature for new domains (less then 24hr)

The unknown catagory: The website has not yet been categorized, so it does not exist in the URL filtering database on the firewall or in the URL cloud database.

 

This covers a percentage of what would fall under the <24/48 life span window of a new domain, however you still run the issue of it just being a domain that hasn't been injected in the URL DB but could have been online for sometime.

 

Also we are really interested in the "Last registared date" not the original. This should be an easy implementation as it seems like a simpler catagory to implment based on the availability of the information over some of the more complex categories that require a more time consuming process to classify.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!