09-29-2020 05:42 AM
Receiving Cisco AMP retroactive convictions from LOWRISK to MALICIOUS, but the files are not available in AMP/ThreatGrid as a reviewable scanned file, such that the behaviors can be extracted and mitigation be implemented based on that data.
Current Workflow:
Anyone have any experience with this?
09-29-2020 06:34 AM
09-29-2020 07:55 AM
Thanks for the insight. Unfortunately this page does not have my particular event listed. It also does not list any IOCs of which we ultimately want to have to find out if there was any nefarious activity during the time of the rating change.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide