https://community.cisco.com/t5/network-security/security-intelligence-events/m-p/2879155#M17787 <P>Is there any way to drill into a Security Intelligence Event in Sourcefire? I am seeing numerous outbound CnC events coming from a host but cannot see what application, service, etc. is causing the triggered event.</P> <P></P> <P>Thanks!!</P> <P></P> <P>Scot Lymer</P> Tue, 05 Apr 2016 16:24:03 GMT slymer1965 2016-04-05T16:24:03Z https://community.cisco.com/t5/network-security/security-intelligence-events/m-p/2879155#M17787 <P>Is there any way to drill into a Security Intelligence Event in Sourcefire? I am seeing numerous outbound CnC events coming from a host but cannot see what application, service, etc. is causing the triggered event.</P> <P></P> <P>Thanks!!</P> <P></P> <P>Scot Lymer</P> Tue, 05 Apr 2016 16:24:03 GMT https://community.cisco.com/t5/network-security/security-intelligence-events/m-p/2879155#M17787 slymer1965 2016-04-05T16:24:03Z https://community.cisco.com/t5/network-security/security-intelligence-events/m-p/2879156#M17792 <P>Hi</P> <P></P> <P>Unfortunately there is no way of doing that.</P> <P></P> <P>Security Intelligence is the same as Blacklists. It stops the traffic before it knows what Application/Protocol that is used.</P> Thu, 07 Apr 2016 06:10:47 GMT https://community.cisco.com/t5/network-security/security-intelligence-events/m-p/2879156#M17792 Dennis Perto 2016-04-07T06:10:47Z