03-05-2021 04:52 AM
Hello,
I would like to ask some questions about the operation of AMP.
1. When upgrading an agent, does the reboot afterwards need to be done with a privileged account?
2. Is there a site that hosts IOC xml files?
3. Is there a way for AMP to automatically upload files to Threat Grid?
4. Could the endpoint isolation be done automatically?
Regards,
Konstantinos
03-05-2021 07:45 AM
03-07-2021 10:26 PM
Good morning!!
Thank you for the answers!
1. So if it does not update with a normal user, there is a problem.
2. Where exactly? I cannot find an .xml file for IOCs.
3. Great! Found it!
4. Found it! I can see that the criterion is only the severity. Is there a way to choose something else?
Regards,
Konstantinos
03-07-2021 11:57 PM - edited 03-10-2021 10:30 PM
Hello @kostasthedelegate,
some info inline..
Thank you for the answers!
1. So if it does not update with normal user there is a problem.
A: The endpoint upgrade is completely independent from the logged on user... you can also do an upgrade if no user is logged on.
2. Where exactly? I cannot find an .xml file for IOCs
A: Hello, there is no list of .xml files. If there is, e.g., a blog post (example) that includes observables or IOC information, you can use the SecureX Browser add-on to directly add them to a casebook and to investigate your environment.
The intelligence in the Backend for Cloud IOC generation is constantly updated by Cisco. The IOC information, e.g. on Talos Website, can be used to do additional Threat Hunt and investigations.
3. Great! Found it!
A: great
4. Found it! I can see that the criteria is only the severity. Is there a way to choose sth else?
A: Automated actions inside the Secure Endpoint Console are always triggered by an IOC. In addition, you can use the API to trigger them from external sources. OR, you can build your personal Orchestration Workflows (SecureX) and trigger them. Orchestration Workflows can also be triggered externally.
Greetings,
Thorsten
.. did some smaller updates to remove typos.
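As an added illustration of the "trigger from external sources" option in answer 4 (this is example code, not part of the thread and not Cisco's own code): an external alert source applies its own criteria (here a constructed rule combining hostname and detection type, not only severity) and, when they match, builds an authenticated request against the Secure Endpoint isolation endpoint. The base URL, the `/v1/computers/{connector_guid}/isolation` path and the HTTP Basic `client_id:api_key` scheme are assumptions taken from the public Secure Endpoint API documentation; the connector GUID, credentials and alert below are constructed placeholders, and the request is only built, not sent, so it runs offline.

```python
"""Build a Secure Endpoint isolation request from an external alert.

Assumed (not from the thread): API_BASE, the isolation path and Basic auth
follow the public Secure Endpoint API docs. All sample values are constructed.
"""
import base64
import json
import urllib.request

API_BASE = "https://api.amp.cisco.com"  # assumed North America cloud; EU/APJC differ

# Constructed policy: isolate only when a host in the critical set raises a
# detection of one of these types, regardless of the console's severity field.
CRITICAL_HOSTS = {"dc01.example.lab", "fileserver.example.lab"}
ISOLATION_TRIGGER_TYPES = {"ransomware", "credential_theft"}


def should_isolate(alert: dict) -> bool:
    """Apply the external criteria (hostname + detection type) to one alert."""
    return (
        alert.get("hostname") in CRITICAL_HOSTS
        and alert.get("detection_type") in ISOLATION_TRIGGER_TYPES
    )


def basic_auth_header(client_id: str, api_key: str) -> str:
    """HTTP Basic credentials as used by the Secure Endpoint API (assumed scheme)."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return f"Basic {token}"


def build_isolation_request(connector_guid: str, client_id: str, api_key: str,
                            comment: str, start: bool = True) -> urllib.request.Request:
    """PUT starts isolation, DELETE stops it (assumed path and methods)."""
    url = f"{API_BASE}/v1/computers/{connector_guid}/isolation"
    data = json.dumps({"comment": comment}).encode() if start else None
    req = urllib.request.Request(url, data=data, method="PUT" if start else "DELETE")
    req.add_header("Authorization", basic_auth_header(client_id, api_key))
    req.add_header("Accept", "application/json")
    if start:
        req.add_header("Content-Type", "application/json")
    return req


def handle_alert(alert: dict, client_id: str, api_key: str):
    """Return the request to send for this alert, or None if criteria do not match."""
    if not should_isolate(alert):
        return None
    comment = f"auto-isolation: {alert['detection_type']} on {alert['hostname']}"
    return build_isolation_request(alert["connector_guid"], client_id, api_key, comment)


if __name__ == "__main__":
    # Constructed alert from a hypothetical external source (e.g. a SIEM rule).
    sample_alert = {
        "hostname": "dc01.example.lab",
        "detection_type": "ransomware",
        "severity": "medium",
        "connector_guid": "00000000-0000-0000-0000-000000000000",  # placeholder
    }
    req = handle_alert(sample_alert, "CLIENT_ID_PLACEHOLDER", "API_KEY_PLACEHOLDER")
    if req is not None:
        print(req.get_method(), req.full_url)
        # urllib.request.urlopen(req) would send it with real credentials.
```

The decision logic lives in `should_isolate`, separate from request construction, so the criteria can be unit-tested and extended (asset tags, time of day, correlation with other sources) without touching the API call.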