Summary: Issue where devices are going into automatic isolation or coming out of isolation are not in the state that the Dashboard/portal thinks it is in. Cisco TAC ndicated there is a bug case CSCwj36632 but is not public. I'm making this publ...
Cisco Secure Endpoint Event API: https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-event/In this API the response data is in descending time order, i.e. from newest to oldest data. So, in my usecase I need to fetch data from a particu...
Hello,Is there a good example how to use the Secure Endpoint API to extract only the threats detected?I saw an article regarding the events endpoint and all alert_types to filter, but is that the only way?https://developer.cisco.com/docs/secure-endpo...
Early this morning, we received 2 retrospective detections for putty-64bit-0.73-installer.msi/sha256: 31d001504b56e47d7e90b39a6fde6acf949e8c59d4717abac35eef0b932f89d7 with a classification of malicious my Cisco.
Filescan.io indicates no detections/no...
We are looking to do an in place upgrade of our current TETRA update server from 2016 to 2022. After the upgrade is complete how would I determine if the server is pulling down current TETRA updates?Can I compare the files in C:\Tetra\Signatures to s...
Hello,
We have cisco secure endpoint cloud and would like to migrate to private cloud appliance.
My question is: Should we re-install connectors on endpoint or is there a way to change configuration and point them to private cloud appliance?
Good morning. When I do an api call, for groups, using this URI:https://api.amp.cisco.com/v1/groups?name=Protect It returns all of the groups with 'Protect' in their names...Is there a way to tell the API to just return the ONE group with the name of...
"Hello,I am inquiring whether Cisco XDR offers solutions for restricted environments that are not connected to the internet. Specifically, I am interested in a setup similar to the AMP private cloud, where network devices and endpoints can connect to...
After we updated our Windows servers to the latest "AMP" conector 8.4.0 we see alerts/error in our SCOM environment.It is the CiscoSecureEndpoint Service Launcher that fail with exit code 267011, at the same time we see on the local server that the S...
Anybody else getting retrospective detections for these files? They are created by legitimate svchost.exeLooks like they must be components of Dev HomeDev Home for Windows Developers | Microsoft LearnDevHome.RegistryPreview.exe47f2ecbbc1f812b63042c8...
Greetings to all,I am having a situation in which I am getting computer duplicates in the Cisco Secure Endpoint Console. I am well aware that there is a special procedure for prepping a golden image, setting up identity persistence and using scripts...
13 March 2024Secure Endpoint Console 5.4.20240313Bugfixes/Enhancementsl Renamed console event types:l Threat Detected renamed to File Detection.On the 27th of April this was renamed from File Detection back to Threat Detection. Does anyone know why t...
Our organization would like to create a pop-up notification on an end user's device that informs them that their computer has been isolated and they need to contact IT services.My question, is there a specific registry key or a file that gets created...
