hello.I'm trying to do an ISE failover. As far as I know, unlike wlc, ise does not automatically change the secondary device to primary even when the primary device is turned off. So how should we check the results of a successful failover? I think i...
Forum Posts
Hi everybody, my name is Stephanie and I connect customers with the teams working on new features for security products such as Secure Endpoint, Firewall products, XDR and more. I'm reaching out today because we are looking for people to give feedba...
Anyone having this issue as well on some W7 systems?Error Code 16019Connector update from 7.5.5.21061 to 7.5.7.21234 failed. Error: Unable to verify Secure Endpoint's digital signature. Please update Windows..
Resolved! CSIDL_BASEDIR Path Exclusion?
What does the CSIDL_BASEDIR path exclusion do? I keep looking online for documentation and can't seem to find anything that gives a clear answer.
Today there are multiples detections related to Winrar.exe. It looks like a false positive, but it´s weird, Is there a reason for this? The hash is e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80.
Hello,i have cisco sf350,sf200 and sf220 in my organization,sf200 and 350 works good with port security (there are option "secure permanent" which saves source mac and blocks if u plug in another mac but with sf220 there are only dynamic lock which o...
Boa tarde pessoal, como vão? Pessoal estou deixando na TV do escritorio a tela com o AMP aberto. Mas de tempos em tempos ele desloga e pede credenciais de novo. Como posso resolver essa questão?
Good morning, I sent the connector to update to the latest version (8.2.1.21612) and after waiting a few hours I see that I have 300 devices in the inbox that report the same event, which is "Suspicious smss.exe Parent Process". Could the new version...
Hello everyone. I am looking for a way to make Cisco Secure Endpoint to work with and send logs in real time to Google Chronicle SIEM.Can you please provide some instruction, if there is any? Thank you in advance!
I am trying to stop the Secure Endpoint service to do testing and I am not able to do so.Following these documents:https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213690-amp-for-endpoint-command-line-switches.htmlhttps://www.cisco.c...
Hi Everyone -Good day! I am new with CSE and part of my task is to upload IOCs using XML files from CISO. I got an error when I uploaded the file from CISO.The Endpoint IOC is not currently able to be validated according to the Cisco IOC specifiation...
Is there a way to safelist or create an exclusion for this benign powershell command without safelisting cmd.exe or powerhell.exe - just the actual Command parameter? These events are classified as "Command Obfuscation With Symbols" compromises and ...
Good morning everyone, I have a problem that on some machines the Service Status is in Stopped.Would anyone know what might be causing this?
It appears there's no "help" option in the training labs. I don't think the lab is complete as I'm unable to complete all functions in the lab. In particular, the environment module we import into our Python script doesn't have anything inside of it ...
Hi , can any one please help me out to receive daily email alerts of complete detection. I am using SourceFire v5.3 console and have tried creating a filter in "Analysis --> Detections/Quarantine" then subscribing a daily detections email alert, howe...
