The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Threat Intelligence page lists the most up-to-date data set for the Secure Workload pipeline that identifies and quarantines threats by inspecting the data center workloads against externally known malware command and control addresses, and security flaws in processes and geographical location.
To manage threat intelligence, from the navigation pane, choose .
The Threat Intelligence page displays the updated status of threat intelligence data sets. These data sets are updated automatically.
 Note |
The Threat Intelligence feature requires a connection to Cisco Secure Workload servers to automatically update. Your enterprise outbound HTTP request may require:
In environments without an outbound connection, upload the data sets directly. For more information, see the Manual Uploads section. |
|
Data set |
Description |
|---|---|
|
NVD CVEs |
Security related software flaws, CVSS base score, vulnerable product configuration, and weakness categorization |
|
MaxMind Geo |
Identification of the location and other characteristics of source IPs |
|
NIST RDS |
NIST Reference Data Set of digital signatures of known, traceable software applications |
|
Team Cymru |
Insight on 3,000+ botnet command and control IPs |
|
Hash Verdict |
Verdict of Secure Workload on process hashes (only available with the Automatic Updates section). |
Note |
In case the MaxMind Geo data set is manually uploaded in an earlier release, you must reupload the corresponding RPM to view the location and related information on the Flow Visibility page. |
Secure Workload updates threat data sets everyday between 3 to 4 a.m. UTC by synchronizing with the global data set available here. The global data set is refreshed weekly, on Fridays or Mondays. The Threat Intelligence dashboard lists the data sets and the date on which the data set was last updated.
Note |
Scheduling Manual Uploads: Data set RPM files are published to the Secure Workload Update Portal weekly. We recommend that you install the latest releases periodically by configuring a schedule for an administrator. |
Download the latest threat data sets from here.
Log in as a Site Administrator or Customer Support Executive.
|
Step 1 |
From the navigation pane, choose . |
|
Step 2 |
Under the Upload Threat Dataset section, enable manual upload. |
|
Step 3 |
Click Select Supplemental RPM and select the RPM files that are downloaded from the Secure Workload Update Portal. |
|
Step 4 |
Click Upload. 
|
Feedback