Hi Team,
I need some assistance to have visibility for Malware events on IBM Qradar, the estreamer integration works fine and I can see events, IPS, Connection logs however I cant see any Malware events.
I have tried to generate Malware events fo...
Hi,How can I have the following:Full scan started by the scheduler.Scan completed successfully.Found 10 detections, 0 suspicious files and 0 hidden files.Scan time 6 hours.Scanned 1244779 files, 289367 directories and 109 processes.Engines used: SHA,...
Hello, I find on this doc https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html URL to open for AMP for Endpoint operations. After deploying my configuration my AMP connector is still disconn...
I created a new group with new a policy. i got to and endpoint and click on management and click move to group. everything looks good. In the console it looks like it moves but on the endpoint still points to the old policy. even if i stop and start ...
Does anybody have any exprience with AMP for endpoints forwarding information/logs to microsoft SCOM . Our customer wants to integrate AMP with SCOM . The only thing i have found is that maybe it can be solved devopling api rests. But would realy lik...
Are there any known issues with SCCM deployments of AMP and logging into the Deployment Summary logs in the AMP console. I have recently deployed connectors and the systems do not show up in the Deployment summary list but the machines do appear as ...
Hello Experts,
can any one please explain me, what does deleting session and new session means in below logs from source fire appliance. Though the rules are allowed on firewall , only one way traffic is seen, I cannot see bi-directional traffic. ...
Are there any known issues with SCCM AMP deployments not showing in the Deployment Summary logs?? I recently did a deployment of connectors that are not showing in the logs but do show under the managed connector policy. Any help would be greatful...
Hi,
Does anybody know is there a configuration options for Ethos engine on the FMC. I could not find any reference to it in the configuration guide. I can see the configuration setting for Ethos on the endpoints but not on the FMC for the firewalls...
The release notes for AMP for Endpoints Console 5.4.20171128 stated that command line data is now available on the API. However, I did not find any mention of this capability in the API documentation which still only lists two versions v0 and v1. Has...
Upgrading the AMP for Windows connector to version 6.0.5 seems to detect itself as a threat, and the number of compromises on my dashboard are growing like crazy. Below is an example of what it's detecting:
Event Type: Threat Detected in Exclusion...
Our company has about 32 users that got this message from the attached screen shot. It detected the threat but will not quarantine. It fails to quarantine on every system. When we look at the location of the file, the file isn't there. The threat cam...
Hi All,I have a question about ThreatGRID appliance integrated with Cisco ESA for local sandbox analysis.Is it possible to receive notification from ThreatGRID appliance in case of an analized file is classified as Malware?I.E could be a good option ...
