Resolved! Malicious file found, but what is it?
AMP for endpoint found this W32.39C4C54D7D-100.SBX.VIOC in a file named Chrome.exe. Where can I go that will tell me what that malware is? Thanks!
During a trial, the customer has accidentally deleted the default protect policy. How can this be restored so it will be seen during a quick start? I know you can make your own policies, but even then how can this be attached to the defaults?
Is there a way with either a Simple or Advanced Custom detection to stop a browser extension install or to remove/detect an existing one? Can you configure an IOC scan to Quarantine a file?
Hi, I have a hard time finding information regarding this. What kind of protection is provided by only Cisco AMP for networks if we do not have Cisco AMP for endpoints? How will it track file trajectory without AMP for endpoint? Is there any document ...
Hi guys, before I start, forgive me for this post, I just need to be pointed in the right direction. I have installed an ASA5506 at a client site for a POV, behind their edge firewall. The ASA is sitting on the network just monitoring traffic. It pic...
Hi, I'm interested in AMP and would like to understand better how it works. If there is documentation for my questions (that I didn't find so far), it would be very kind if you could send me the links. 1.) When we are talking about Firepower inte...
My company just received 02 new firewalls ASA 5515-X with Firepower from the distributor. Because from the beginning the distributor did not know that the firepower needs to be managed through a FirePower Defense Manager based on VMware ESXi then now I...
In our environment, we have an authenticated proxy. We created the exceptions for the servers listed on the required server list document. The exceptions allow access to the websites without authenticating. However, the connectors were not connecting. Loo...
Hi all, I received a retrospective file alert: An xls file on my network seems to be malicious now. Detection name: DOC.739FBB8CD4.MalMacro.tht.Talos However, virustotal marks this file as safe: Detection ratio: 0 / 56 Analysis date: 2016-06-09 ...
Hey everyone, I apologize for the question but I'm still quite new to FirePOWER and am still learning the ropes when it comes to investigations. I received a few emails from FireSIGHT with the subject of "**Auto Generated Email** -- Network Based Ret...
Our client only wants to allow connections to the AMP update server and no other website or network. Could anyone provide the list of IPs it needs to connect to in order to get updates to signatures and patch updates?
Recently Cisco/SourceFire released a bulletin about a cloud migration for our SourceFire AMP clients and that we would need to update some policies to ensure our clients can talk to Cisco's cloud servers. I deployed the updated policy to one of our t...
Hi, I would like to clarify if the ASA 5500-X with firepower services AMP feature includes email security, web security and endpoint security? Is it per license for those 3 security features? Thanks. Adrian
Can someone please tell me if it is possible to exclude some sites from the ASA Firepower File Scanning Policy? We have an ASA 5506X and I would like to exclude windows update urls and some other sites from the file scanning policy. I tried a rule us...
How do you create the FireAMP connection in defense center? I have the license/subscription but don't have a SourceFire login - that is, when I try to create the connection it redirects me to a sourcefire login screen and asks for userid & password....