Is there a way to safelist or create an exclusion for this benign powershell command without safelisting cmd.exe or powerhell.exe - just the actual Command parameter? These events are classified as "Command Obfuscation With Symbols" compromises and ...
Good morning everyone, I have a problem that on some machines the Service Status is in Stopped.Would anyone know what might be causing this?
It appears there's no "help" option in the training labs. I don't think the lab is complete as I'm unable to complete all functions in the lab. In particular, the environment module we import into our Python script doesn't have anything inside of it ...
Hi , can any one please help me out to receive daily email alerts of complete detection. I am using SourceFire v5.3 console and have tried creating a filter in "Analysis --> Detections/Quarantine" then subscribing a daily detections email alert, howe...
Hey all - I have numerous endpoints that are showing as not being seen in xx amount of days in the portal. However if I remote into these endpoints and check the secure endpoint application it shows as connected, pull down updates and has even update...
Good day all! From time to time, I find that there are several of our machines that have their service stopped with Secure Endpoint. I haven't found what has been stopping it, but has anyone seen this and know what has been causing this? And is there...
Curious if there is way to mark a potential compromise as resolved with the API. I would like to automate some known false positives that routinely appear.I didn't notice any POSTs in the current version of the documentation (Secure Endpoint API - C...
Is there an option in Cisco FMC to block Hash via EDL method, similar to the option available for blocking IP, Domain, and URL via EDL in FEEDs in security intelligence section? Currently, it only allows manual creation and upload of a file list cont...
I've added device contol to my polocy for Windows devices. I am using the default Global Policy with the setting to Block and notify users. It has had a week to replicate but it isn't working. Users are still able to attach a usb device and either...
When I'm going through my list of computers to check and fix those with a high 'Kenna Risk Score', I sometimes get the feeling that a particular client's score is not up to date. For example, immediately after installing a missing Windows update on t...
Hi @cisco team, raising this here to make you aware of a HEAP of chrome exploit prevention alerts we are getting across all of our customers. This is almost identical to the May edition of this happening. https://community.cisco.com/t5/endpoint-sec...
Hi All,I have noticed that there's some IOC's missing from the Exclusion set list. Is this intended? The IOC I would like to create an exclusion for is nowhere in the list.If this is intended, it would be great if somebody could advise on another way...
Hi everybody, my name is Stephanie and I connect customers with the team working on new features for Cisco Secure Endpoint. I'm reaching out today because we are looking for people to give feedback on device trajectory in Secure Endpoint. Sign up he...
Good morning, reviewing the policies we have inadvertently removed the "Triage A" policy in Cisco Secure Endpoint. We try to create it back to that policy but the one we create does not have the same "strength" as the default triage.What would be the...
Is there best practice configuration to help detect or prevent against CVE-2023-36884?
