02-06-2017 12:53 AM
Hi
Looking into configuring the alerts for Advanced Malware Protection (AMP) on the Email Security Appliance C670, especially for verdict changes.
Appreciate any guidance.
02-06-2017 04:17 AM
Hi,
Threat verdicts can change as new information emerges. A file may initially be evaluated as unknown or clean, and the file may therefore be released to the recipient. If the threat verdict changes, you will be alerted, and the file and its new verdict appear in the AMP Verdict Updates report. You can investigate the point-of-entry message as a starting point to remediating any impacts of the threat.
Verdicts can also change from malicious to clean.
When the appliance processes subsequent instances of the same file, the updated verdict is immediately applied.
These are part of the informational alerts, so you would need to ensure you are configured to receive such alerts under System Administration -> Alerts.
You can also keep track of verdict changes using the AMP Verdict Updates report.
Thanks
Libin Varghese
02-06-2017 06:57 AM
Please see the URLs below, which have various links for C670 information.
http://www.cisco.com/c/en/us/support/security/email-security-appliance-c670/model.html
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118511-technote-esa-00.html#anc2
Hope to help.