My shop utilizes cisco firepower and umbrella. We have to make a decision on an endpoint protection product. Since we’re using the other cisco products would it be best to go with Cisco AMP? The current endpoint product is from another vendor, but wi...
Forum Posts
Greetings!I'm having issues with one server in particular where AMP is disconnected and states it can't connect to the internet.In the SFC.exe.log file I can see these errors, assuming this is the problem. I have monitored the traffic leaving the ser...
Are there any recommendations on which queries from the Orbital catalog should be executed on a recurring basis to populate data into the Threat Response Private Intelligence remote data store and the frequency for which they should be run?Also, is t...
I need to import the configuration of one device to another. So far the only options provided is either backup / restore which only worked partially (missing objects and rules) or to re-enter it using the gui. Anybody knows a way to do this through ...
Hi, I am getting this error recently when I move computers to another policy. failed to update policy with serial number Error CodeDescription3240099844Configuration reload failed It was working last week and there are no changes in the network o...
Resolved! Secure Endpoint - warn trusted
I am newer to the Secure Endpoint Product and cannot find int he user guide or our current documentation for a warn trusted cert. I am assuming with the amount of software etc that is out there this could be a pretty normal occurrence and to keep an...
Resolved! False positive for log4j ????
Hello,During scan, we found an apache server vulnerable to Java.Exploit.CVE_2021_44228-9914600-2. The culprit file was the "log4j-core-2.16.0-tests.jar"How this is possible? The log4j is supposed to be vulnerable for versions till 2.15.Should I treat...
I'm working with ISE in my home lab and I noticed there is no "Policy set" in under policy menu webui. how to enable it?Service Identity Engine, Endpoint Security
Hello, sorry for my english. I writed a python api post code for add a mac add to endpoint group (whitelist), but now need another python api rest code for delete a mac add form DB ise directly.. (not from whitelist)..The new code need question it th...
Hello! We are looking to upgrade our hostscan image to 4.10 in order to permit connection from machines running the lastest a/v products. We are wondering: Will the clients be instructed to pull down the 4.10 version of Anyconnect after the upgrade...
Does Secure Endpoint scan using IP address or Hostname?
Hey all, I was wondering if I could get some assistance with an issue I'm encountering. I have a few servers setup that have the endpoint installed, but these servers frequently go missing when checking the console. Sometimes a restart helps, but I h...
Hi All, Is it possible to receive a notification if a scheduled scan gets cancelled? I've checked the Events Dashboard but don't see an Event Type to subscribe to for this sort of notification under Computer Scans (this is for a Full scan of the comp...
Evaluating Cisco AMP, and I would like some community feedback on how you see this product stacking up against Defender ATP etc.IMO: AMP is lacking user logon monitoring. There is no analysis on this part. Failed logons to a server, creation of new a...
I've noticed that you can search by username in AMP and get the devices that the user has logged into (or possibly generated events on). This is also possible in the API. I am wondering if there is any way to do the reverse. Is there any way to find ...
