11-08-2019 07:53 AM - last edited on 04-17-2020 01:27 PM by Monica Lluis
It appears there is no capability for Isolation on macOS, same with IOC Scans?
Is this true, and if it is, are those features being worked on?
Thanks.
11-08-2019 09:04 AM
The initial rollout of endpoint isolation is in the Windows connector. There are plans to extend this to the macOS and Linux connectors, but no precise dates that I can share at this point.
The Windows-specific Endpoint IOC scan feature has been there for a long time. There's some work under way (see the current open beta of Orbital Advanced Search for example) to add capabilities here, and again it's likely that this will show up for Windows first, and the other OS connectors to follow at a later point.
The prioritization is mainly a matter of Windows still being the leading target of attacks, as well as the largest chunk of the AMP connector installed base, so that's where the need is generally most acute.
11-08-2019 09:14 AM
Are you saying that Cisco has a single A4E software development team across all the desktop platforms (Windows\Linux\MacOS), and that they only advance one connector at a time?
11-10-2019 12:26 AM
The deployment of the Windows version is more advanced than the other versions (macOS and Linux) because it is the priority platform.
04-17-2020 03:06 PM