This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Bright cloud DB classifications on url

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bright cloud DB classifications on url

Technical1
L1 Bithead

‎01-02-2014 07:56 AM

Hi,

I wonder if anyone can help.

there is a site  - ea.sendcpt.com which is listed in both brightcloud and PAN-DB

On brightcloud it is listed as malware-sites

But on PAN-DB which is a newer DB it is listed as business and economy

The end customer is having an issue as they are trying to access the site as it is a trusted site but they are getting block pages due to it being classified as malware on brightcloud.

I have tried the following to clear the cache in the hope it updates but to no avail.

-clear url-cache all

-delete dynamic-url host name ea.sendcpt.com

<this comes back with site removed>

But then the same issue occurs when trying to access it.

The customer is reluctant to use PAN-DB - is there another way around this??

Thanks

Sean

0 Likes Likes
9 REPLIES 9

HULK
L7 Applicator

‎01-02-2014 11:30 AM

Hello Sean,

I would request you to follow below mentioned 2 steps.

Step-1:

You can send a request to brightcloud to change the URL categorization for "ea.sendcpt.com". Please follow the below mentioned document for the same:

How to Request a URL Category Change from BrightCloud

Step-2: For the time being, you can create a custom URL category for "ea.sendcpt.com" to allow it through Brightcloud.

How To Create Custom URL Categories

Hope it will help you.

Thnaks

hyadavalli
L5 Sessionator

‎01-02-2014 11:54 AM

Hello Sean,

I'm not quite sure you have requested a change or not but Bright cloud is showing category as 'Business and Economy'.

Regards,

Hari Yadavalli

Technical1
L1 Bithead
In response to HULK

‎01-03-2014 01:00 AM

Thanks for your help. I will create a custom URL.

0 Likes Likes

Technical1
L1 Bithead
In response to hyadavalli

‎01-09-2014 09:14 AM

Hi Hari,  the problem is that the test url command categorizes the website ea.sendcpt.com as malware-site whilst the brightcloud website is categorizing it as business-and-economy.  All possible commands have used i.e.

clear url-cache all

delete dynamic-url host name ea.sendcpt.com etc...

Is there anything missing that needs to be addressed.. how can we have a website actually contact the cloud manually?

Kind Regards,

Kalyan

0 Likes Likes

Technical1
L1 Bithead
In response to HULK

‎01-09-2014 09:21 AM

Hi Hulk,  the problem is that the test url command categorizes the website ea.sendcpt.com as malware-site whilst the brightcloud website is categorizing it as business-and-economy.  All possible commands have used i.e.

clear url-cache all

delete dynamic-url host name ea.sendcpt.com etc...

Yes, the website is correctly classified by Brightcloud but misclassified by the firewall.  When brightcloud is categorizing it correctly, there is no need for custom url category.

Is there anything missing that needs to be addressed.. how can we have a website actually contact the cloud manually?

0 Likes Likes

dyang
L5 Sessionator
In response to Technical1

‎01-09-2014 01:26 PM

Hi Technical1,

Clearing the cache should usually do the trick, as that results in a cache miss, and forces a lookup.  However, there is the possibility that this URL is in the downloaded database on-disk.  Can you confirm that youv'e updated BrightCloud to the latest version? 

Thanks,

Doris

pieters
Not applicable

‎01-23-2014 12:45 AM

I'm having the same issue with a different url.

The site used to be categorized as web-advertisements but has since a couple of weeks been updated by brightcloud to 'business and economy'.

I'm running the latest url db (4238 as of writing) and I have the issue on at least 3 different boxes running 5.0.7, 5.0.8 and 5.0.9 respectively.

I've tried 'clear url-cache all', 'delete dynamic-url' and also tried reverting to the previous url db version and re-upgrading to the latest.

Basically, I've tried everything short of a reboot.

I can add the url to a whitelist as a workaround but would surely prefer a proper solution to the issue.

0 Likes Likes

dyang
L5 Sessionator
In response to pieters

‎01-23-2014 11:30 AM

Hi pieters,

If you're experiencing the same thing with a different URL, please open a ticket with our support team so we can have BrightCloud check to see if the entry is present in the downloadable database, or if there is something else at play.

--Doris

0 Likes Likes

PanIst
L3 Networker
In response to pieters

‎01-23-2014 01:45 PM

you have to open a case then Paloalto will open also a case to Brightcloud.

we had the same issue before.This is because of the file which paloallto downloads from update server.And issue is related to brightcloud.

0 Likes Likes
  • 4876 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks