https://community.cisco.com/t5/endpoint-security/amp-specific-features/m-p/2988363#M1698 <P>Hi Team,</P> <P></P> <P>We are working on a requirement of NGIPS and APT requirement and need clarification of these feature support in AMP for endpoints:</P> <P></P> <UL> <LI>Is the product capable of automatically collect and store forensic data locally on client for endpoint incidents.</LI> <LI>Does the product provide support for XFF to identify end user behind Proxy servers</LI> <LI>Is the product capable of self healing/recovery for their agents deployed on endpoint.</LI> <LI>Does the product have ability to identify end user behind IP address by integrating with user repository like AD etc</LI> <LI> <P>Is the product able to provide customizable sandbox to fulfill Customer's environments and needs.</P> </LI> <LI> <P>What is the file size supported for Sandbox analysis : On-premises&nbsp;Cloud based &nbsp;</P> </LI> <LI> <P></P> <P>How many no of simultaneous environments supported in sandbox: On-premise&nbsp;Cloud based</P> </LI> <LI> <P></P> <P>Providing a single sandbox instance per OS with co-existence of various application version instances installed on it.</P> </LI> <LI> <P>Does the product have sandbox inbuilt tools for static-analysis (such as jsunpack, yara, etc.) of files/artifacts.</P> </LI> <LI> <P>Does the product have necessary packet captures enabled on sandbox environment.</P> </LI> <LI> <P>Is your solution capable for both hardware and virtual emulated sandbox.</P> </LI> </UL> <P></P> <P>Thanks &amp; Regards,</P> <P>Yogesh Madhekar</P> Fri, 21 Feb 2020 05:02:41 GMT ymadheka 2020-02-21T05:02:41Z https://community.cisco.com/t5/endpoint-security/amp-specific-features/m-p/2988363#M1698 <P>Hi Team,</P> <P></P> <P>We are working on a requirement of NGIPS and APT requirement and need clarification of these feature support in AMP for endpoints:</P> <P></P> <UL> <LI>Is the product capable of automatically collect and store forensic data locally on client for endpoint incidents.</LI> <LI>Does the product provide support for XFF to identify end user behind Proxy servers</LI> <LI>Is the product capable of self healing/recovery for their agents deployed on endpoint.</LI> <LI>Does the product have ability to identify end user behind IP address by integrating with user repository like AD etc</LI> <LI> <P>Is the product able to provide customizable sandbox to fulfill Customer's environments and needs.</P> </LI> <LI> <P>What is the file size supported for Sandbox analysis : On-premises&nbsp;Cloud based &nbsp;</P> </LI> <LI> <P></P> <P>How many no of simultaneous environments supported in sandbox: On-premise&nbsp;Cloud based</P> </LI> <LI> <P></P> <P>Providing a single sandbox instance per OS with co-existence of various application version instances installed on it.</P> </LI> <LI> <P>Does the product have sandbox inbuilt tools for static-analysis (such as jsunpack, yara, etc.) of files/artifacts.</P> </LI> <LI> <P>Does the product have necessary packet captures enabled on sandbox environment.</P> </LI> <LI> <P>Is your solution capable for both hardware and virtual emulated sandbox.</P> </LI> </UL> <P></P> <P>Thanks &amp; Regards,</P> <P>Yogesh Madhekar</P> Fri, 21 Feb 2020 05:02:41 GMT https://community.cisco.com/t5/endpoint-security/amp-specific-features/m-p/2988363#M1698 ymadheka 2020-02-21T05:02:41Z