Reputation Center

Talos’ Reputation Center provides access to expansive threat data and related information.

IP and Domain Reputation Center

Talos’ IP and Domain Data Center is the world’s most comprehensive real-time threat detection network. The data is made up of daily security intelligence across millions of deployed web, email, firewall and IPS appliances. Talos detects and correlates threats in real time using the largest threat detection network in the world spanning web requests, emails, malware samples, open-source data sets, endpoint intelligence, and network intrusions. The Email and Web Traffic Reputation Center is able to transform some of Talos' data into actionable threat intelligence and tools to improve your security posture.

Talos File Reputation

The Cisco Talos Intelligence Group maintains a reputation disposition on billions of files. This reputation system is fed into the AMP, FirePower, ClamAV, and Open-Source Snort product lines. The tools below allow you to do casual lookups against the Talos File Reputation system. This system limits you to one lookup at a time, and is limited to only hash matching. This lookup does not reflect the full capabilities of the Advanced Malware Protection (AMP) system.

AMP Naming Conventions

Cisco's Advanced Malware Protection (AMP) solutions protect organizations before, during, and after an attack. AMP is built on an extensive collection of real-time threat intelligence and dynamic malware analytics supplied by Talos, and AMP Threat Grid intelligence feeds. The AMP Naming Conventions Guide provides a sample of the naming convention patterns of threats collected in AMP to help with threat analysis. This list is not exhaustive and is subject to change at any time without notice.

IP Blacklist

This IP list is a proof of concept list, moved over during the Sourcefire acquisition from to This list was originally designed (and still is) to be used as a proof of concept within the IP Blacklist Preprocessor in Open Source Snort, and is made available to the community for free. This IP list is largely 3rd party intelligence (Tor exit nodes, etc) ingested from a 3rd party and made available to open source Snort users for free.

The list varies in size and is updated every 15 minutes, it is much less than 1% of the total Talos IP reputation intelligence.

The list will be moved from to in an upcoming development effort.

This list should not be used for anything other than to prove that the IP blacklist in Open Source Snort works, and it should not be used as a 3rd party feed to Cisco products in any way (as all the intelligence in this list is a subset of any master intelligence that we have). This list should also not be used for any efficacy rating or measurement.

Advanced Windows Buffer Overflow (AWBO) Exercises

The AWBO Exercises are practice for exploit developers to help familiarize them with Advanced Windows Buffer Overflows. The exercises include a walk-through primer to help set up the necessary environment for the exercises, guidelines, needed shellcode and cheat sheet, and four test exercises.

Intelligence Categories

Talos, Cisco’s Security Intelligence and Research Group, constantly tracks a broad set of attributes to evaluate conclusions about a given host. The below tables contain alphabetical listings and descriptions of the standard categories used to classify website content and the standard threat categories used to classify attack types.