I'm working for a client who wants 802.1x configured on their switchports. The environment is an airlocked one. Currently there is no a record to permit joining the server to AD. It looks like i'm going to have to setup local users for each person...
Hello Team, I am trying to get Cisco AMP4e logs to Splunk, while configuring the input I am getting below error.Add-on - Cisco AMP for Endpoints Events Input - 3.0.0Splunk Version - 8.2.7Note: The API host, ID and Key are correct. Verified with below...
Admins being admins like to use powershell to solve certain task. To do this they will often run a powershell file downloaded from a server, i.e:C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -Command iex...
We are having a user that has been running into perofmance issues stemming from secure endpoint, when looking at the logs I see their machine's policy is being updated multiple times a day. What does the entail? And how can I fix this?
We have deployed Byod access for mobile devices on wireless using Cisco ISE guest portal with AD authentication. Customer ask is the user should not get the Portal redirect and authentication every day, it should be able to connect directly on the ba...
As of 6/17 it looks like Cisco is flagging and stopping endpoints from using Nvidia Geforce Experience with threat - 7f3a52c8…5a299936 nvsmartmax.dll W32.PCShareBackdoorDetected.iocI am not sure how to report this is cisco as a false positive?
I get this error:"There are no Endpoint IOC documents activated."It seems that I need to create a new policy for full scan. How to do it? TIA
We had an endpoint automatically isolate with a high severity retrospective detection, as per our settings. A couple days later, the same endpoint had another high severity retrospective detection but there was no attempt by the console to automatica...
Summary: Issue where devices are going into automatic isolation or coming out of isolation are not in the state that the Dashboard/portal thinks it is in. Cisco TAC ndicated there is a bug case CSCwj36632 but is not public. I'm making this publ...
Cisco Secure Endpoint Event API: https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-event/In this API the response data is in descending time order, i.e. from newest to oldest data. So, in my usecase I need to fetch data from a particu...
Hello,Is there a good example how to use the Secure Endpoint API to extract only the threats detected?I saw an article regarding the events endpoint and all alert_types to filter, but is that the only way?https://developer.cisco.com/docs/secure-endpo...
Early this morning, we received 2 retrospective detections for putty-64bit-0.73-installer.msi/sha256: 31d001504b56e47d7e90b39a6fde6acf949e8c59d4717abac35eef0b932f89d7 with a classification of malicious my Cisco. Filescan.io indicates no detections/no...
We are looking to do an in place upgrade of our current TETRA update server from 2016 to 2022. After the upgrade is complete how would I determine if the server is pulling down current TETRA updates?Can I compare the files in C:\Tetra\Signatures to s...
Hello, We have cisco secure endpoint cloud and would like to migrate to private cloud appliance. My question is: Should we re-install connectors on endpoint or is there a way to change configuration and point them to private cloud appliance?
Good morning. When I do an api call, for groups, using this URI:https://api.amp.cisco.com/v1/groups?name=Protect It returns all of the groups with 'Protect' in their names...Is there a way to tell the API to just return the ONE group with the name of...
