https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4645630#M6948 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/151475">@tom.power1</a>&nbsp;,<BR />if I understand right, you want to query a group... e.g. like, select a group of endpoints defined in Secure Endpoint, and starting a query for these endpoint only, right?</P> <P>If I´m not totally wrong, some work is done in this direction. You may ping your Cisco representative for an official statement. <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>Greetings,<BR />Thorsten</P> Thu, 07 Jul 2022 07:46:36 GMT Troja007 2022-07-07T07:46:36Z https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4629784#M6919 <P>Hi,</P><P>In response to a security incident, I would like to query one group of endpoints in AMP (Secure Endpoint) for network connections to a specific IP address.</P><P>&nbsp;</P><P>How can I do that in Orbital?</P><P><BR />Thanks for your time.</P><P>Have a great day.<BR />T</P> Fri, 10 Jun 2022 17:35:25 GMT https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4629784#M6919 tom.power1 2022-06-10T17:35:25Z https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4632830#M6929 <P>Thanks for the information, keep sharing this type of info&nbsp;<FONT color="#FFFFFF">&nbsp;</FONT><A href="https://www.marriottglobalsource.org/" target="_self"><FONT color="#FFFFFF">Marriott Global Source Login</FONT></A></P> Fri, 17 Jun 2022 04:39:48 GMT https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4632830#M6929 nazi.farhadi3171 2022-06-17T04:39:48Z https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4643500#M6942 <P>hello,</P> <P>as per my understanding, you have an IP address and you want to find out which endpoints has connected to that IP address, is my understanding correct?</P> <P>have you tried using Threat Response to investigate the IP address?</P> <P><A href="https://visibility.apjc.amp.cisco.com/" target="_blank">https://visibility.apjc.amp.cisco.com/</A></P> <P>Threat response can investigate on IP addresses, domains, URLs... you can open Threat Response and paste the IP address in the top field and then click 'investigate'.</P> <P>&nbsp;</P> Mon, 04 Jul 2022 16:18:26 GMT https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4643500#M6942 JennieZhang 2022-07-04T16:18:26Z https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4645630#M6948 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/151475">@tom.power1</a>&nbsp;,<BR />if I understand right, you want to query a group... e.g. like, select a group of endpoints defined in Secure Endpoint, and starting a query for these endpoint only, right?</P> <P>If I´m not totally wrong, some work is done in this direction. You may ping your Cisco representative for an official statement. <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> <P>Greetings,<BR />Thorsten</P> Thu, 07 Jul 2022 07:46:36 GMT https://community.cisco.com/t5/endpoint-security/how-to-query-one-group-in-amp-for-an-ip-address/m-p/4645630#M6948 Troja007 2022-07-07T07:46:36Z