
Can we check Cisco Talos logs for our ESA

hashimwajid1
Level 3

Hi

We have enabled AMP on our ESA appliance policies and we want to check what Cisco Talos has blocked so far for incoming threats coming via email into our domain. Can we check the AMP prevention on Cisco Talos for our ESA, since ESA is integrated with AMP?

Thanks

Accepted Solutions

To see what has been blocked, there are a few different places you can look.

There are reports under Monitoring in the GUI.

Talk to your Cisco Security SE to get set up with a ThreatGrid Device Admin account so you can see what files are being uploaded and what the execution looked like.

If you have AMP for Endpoints and have newer versions (11.7 or newer I think) of ESA, you can register your ESA to your AMP account and see all of the files there as if it were a workstation.

Hi Ken,

Thanks

Which means we need a ThreatGrid Admin Account on Cisco Talos to see the blocked/malicious traffic coming to our domain? Is it free or do we need some licensing?

Regards

A device admin account is free.

Can we create the account ourselves or do we have to engage Cisco to create this on Talos?

As far as I know, you have to contact your Cisco Account Manager. 
