08-26-2019 05:02 AM - edited 02-20-2020 09:10 PM
Hi All,
There are many event types available in the filter tab. Do we have any small definition of the event types, for example: Cloud IOC, etc.?
09-01-2019 10:53 PM
Hello @abirajkwilson,
not 100% sure what you need in detail.
Cloud IOC: this is not a "static event". The endpoint monitors disk, process and network activity. This activity is processed in the AMP backend and generates the IOC Events. They are different from normal Threat Events. An IOC event indicates a problem with an endpoint you should investigate.
Please come back to me if you have more questions.
Greetings,
Thorsten
09-03-2019 04:28 AM - edited 09-03-2019 04:29 AM
Hi @Troja007,
The reply you provided was good for Cloud IOC Events. Are there definitions/information (Cisco KB link) available, like you have provided for Cloud IOC, for the other types of events and subdivisions of events?
Detected threats >> Malicious Activity Detection, Exploit Prevention, etc.
IOC >> Cloud, Multiple Infected Files, Potential Dropper Infection, etc.
09-03-2019 01:33 PM
Hello @abirajkwilson,
for Threat Events and the naming, you can take a look here: https://www.talosintelligence.com/amp-naming
Regarding other Events like Exploit Prevention: what information do you need? Or, what information do you need to understand the Event?
Just to be sure, you want to have a longer description about any Threat Type? Which information in detail are you looking for? Maybe information on how you should handle the information?
Just trying to understand your needs.
Greetings,
Thorsten