Had an email with a PDF attachment that ESA AMP gave a disposition of LowRisk, then 3 1/2 hours later changed the attachment to Malicious. This is good but why didn't ESA AMP catch it the first time? I ask this because Talos File Reputation lists the Date Detection Created as 05/01/2018. The e-mail was delivered to us on 3/11/2019.
So why did ESA AMP give the PDF a LowRisk when Talos File Reputation knew about the Malicious Hash for 10 months?
This is very concerning and my trust in AMP is dropping.
I am going to guess that AMP's failure to identify known malicious files is related to the known AMP bug. CSCvg48611
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...
What Is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and Virtual Private Networking (VPN) access.
Cisco ISE offers...
To participate in this event, please use the button to ask your questions
(This event was formerly know as Ask the Expert event)
This topic is a chance to discuss more about the best configuration and troubleshooting pr...