Bright cloud DB classifications on url

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Bright cloud DB classifications on url

L1 Bithead

Hi,

I wonder if anyone can help.

there is a site  - ea.sendcpt.com which is listed in both brightcloud and PAN-DB

On brightcloud it is listed as malware-sites

But on PAN-DB which is a newer DB it is listed as business and economy

The end customer is having an issue as they are trying to access the site as it is a trusted site but they are getting block pages due to it being classified as malware on brightcloud.

I have tried the following to clear the cache in the hope it updates but to no avail.

-clear url-cache all

-delete dynamic-url host name ea.sendcpt.com

<this comes back with site removed>

But then the same issue occurs when trying to access it.

The customer is reluctant to use PAN-DB - is there another way around this??

Thanks

Sean

9 REPLIES 9

L7 Applicator

Hello Sean,

I would request you to follow below mentioned 2 steps.

Step-1:

You can send a request to brightcloud to change the URL categorization for "ea.sendcpt.com". Please follow the below mentioned document for the same:

How to Request a URL Category Change from BrightCloud

Step-2: For the time being, you can create a custom URL category for "ea.sendcpt.com" to allow it through Brightcloud.

How To Create Custom URL Categories

Hope it will help you.

Thnaks

L5 Sessionator

Hello Sean,

I'm not quite sure you have requested a change or not but Bright cloud is showing category as 'Business and Economy'.

Regards,

Hari Yadavalli

Thanks for your help. I will create a custom URL.

Hi Hari,  the problem is that the test url command categorizes the website ea.sendcpt.com as malware-site whilst the brightcloud website is categorizing it as business-and-economy.  All possible commands have used i.e.

clear url-cache all

delete dynamic-url host name ea.sendcpt.com etc...

Is there anything missing that needs to be addressed.. how can we have a website actually contact the cloud manually?

Kind Regards,

Kalyan

Hi Hulk,  the problem is that the test url command categorizes the website ea.sendcpt.com as malware-site whilst the brightcloud website is categorizing it as business-and-economy.  All possible commands have used i.e.

clear url-cache all

delete dynamic-url host name ea.sendcpt.com etc...

Yes, the website is correctly classified by Brightcloud but misclassified by the firewall.  When brightcloud is categorizing it correctly, there is no need for custom url category.

Is there anything missing that needs to be addressed.. how can we have a website actually contact the cloud manually?

Hi Technical1,

Clearing the cache should usually do the trick, as that results in a cache miss, and forces a lookup.  However, there is the possibility that this URL is in the downloaded database on-disk.  Can you confirm that youv'e updated BrightCloud to the latest version? 

Thanks,

Doris

Not applicable

I'm having the same issue with a different url.

The site used to be categorized as web-advertisements but has since a couple of weeks been updated by brightcloud to 'business and economy'.

I'm running the latest url db (4238 as of writing) and I have the issue on at least 3 different boxes running 5.0.7, 5.0.8 and 5.0.9 respectively.

I've tried 'clear url-cache all', 'delete dynamic-url' and also tried reverting to the previous url db version and re-upgrading to the latest.

Basically, I've tried everything short of a reboot.

I can add the url to a whitelist as a workaround but would surely prefer a proper solution to the issue.

Hi pieters,

If you're experiencing the same thing with a different URL, please open a ticket with our support team so we can have BrightCloud check to see if the entry is present in the downloadable database, or if there is something else at play.

--Doris

you have to open a case then Paloalto will open also a case to Brightcloud.

we had the same issue before.This is because of the file which paloallto downloads from update server.And issue is related to brightcloud.

  • 4398 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!