Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1734
Views
0
Helpful
3
Replies

AMP | How to block malware in sourcefire

John
Level 1
Level 1

‎04-18-2017 05:55 AM - edited ‎02-20-2020 09:03 PM

one of our appliance (non-cisco) detect the malware. we would like to know how can we block the malware to sourcefice.

please see attached sample malware.

Labels:
Preview file
80 KB
0 Helpful
3 Replies 3

David Janulik
Cisco Employee
Cisco Employee

‎04-18-2017 06:46 AM

The basic answer would be, the AMP detects malware based on signature details.The machine learning called Spero engine detect abnomalies in the system and finally threatgrid as dynamic analysis with power of API automatic sample submissions.

David

Cyber security escalation engineer
0 Helpful

John
Level 1
Level 1
In response to David Janulik

‎04-18-2017 07:18 AM

how do we determine if the sourcefire already block the malware?

0 Helpful

David Janulik
Cisco Employee
Cisco Employee
In response to John

‎04-18-2017 07:23 AM

in the dashboard > Analysis > events > Threat detected

This is displayed as day/week/All

To search up for particular malware, you need to know its SHA. Than you can use the filter under Analysis > Search.

David

Cyber security escalation engineer
0 Helpful
Customers Also Viewed These Support Documents