Can we fetch vulnerability details with Cisco AMP using Orbital?
Can we fetch vulnerability details with Cisco AMP using the Orbital feature? If so, can someone please let me know whether there is any inbuilt query, or whether we have to create customized queries to fetch this information for all applicable endpoints.
If there are any customized queries, can someone please share them with us.
When you say fetch vulnerabilities, what exactly are you referring to? If you're talking about software vulnerabilities reported by AMP, you can use the AMP API to pull this information. If you're talking about Microsoft-reported vulnerabilities, you can use the "Windows HotFixes Monitoring" Orbital query to pull up a list of KBs installed on the system and determine which vulnerabilities exist based on that. There are also a few specific CVE queries that you can find by searching "CVE" in the Orbital queries.
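One way to turn the installed-KB list Matt describes into a per-endpoint gap check, as an added example that is not from this thread or from Cisco: the osquery SQL, the CVE-to-KB mapping and the endpoint results below are all constructed placeholders, and the assumption is that Orbital's built-in hotfix query reads osquery's `patches` table.

```python
import json

# osquery SQL for a hotfix inventory (assumption: Orbital's built-in
# "Windows HotFixes Monitoring" query reads the same `patches` table).
HOTFIX_QUERY = "SELECT hotfix_id, installed_on FROM patches;"

# Constructed mapping of CVEs to the KBs that remediate them (placeholders,
# not real advisory data). A CVE counts as covered if ANY listed KB is present.
REQUIRED_KBS = {
    "CVE-0000-0001": {"KB5000001", "KB5000009"},
    "CVE-0000-0002": {"KB5000002"},
}

# Constructed Orbital-style results: one row set per endpoint, shaped like
# rows returned from the `patches` table.
SAMPLE_RESULTS = json.dumps({
    "host-a": [{"hotfix_id": "KB5000001", "installed_on": "1/2/2023"},
               {"hotfix_id": "KB5000002", "installed_on": "1/2/2023"}],
    "host-b": [{"hotfix_id": "KB5000009", "installed_on": "3/4/2023"}],
})


def installed_kbs(rows):
    """Normalise hotfix_id values from osquery rows into a set of KB ids."""
    return {r["hotfix_id"].strip().upper() for r in rows if r.get("hotfix_id")}


def missing_cves(rows, required=REQUIRED_KBS):
    """Return the sorted CVEs for which no remediating KB is installed."""
    have = installed_kbs(rows)
    return sorted(cve for cve, kbs in required.items() if not (kbs & have))


def report(results_json, required=REQUIRED_KBS):
    """Map each endpoint name to its list of unremediated CVEs."""
    data = json.loads(results_json)
    return {host: missing_cves(rows, required) for host, rows in data.items()}


if __name__ == "__main__":
    for host, cves in report(SAMPLE_RESULTS).items():
        print(host, "missing:", ", ".join(cves) or "none")
```

Because later cumulative updates supersede earlier KB ids, a real mapping must list every superseding KB for each CVE, or a fully patched host will be reported as missing the older one.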
Thanks Matt. I just need to fetch the complete list of vulnerabilities.
I have a couple of questions.
a) How do we use the AMP API to get the list of all software vulnerabilities? Can you please provide some supporting documentation on running these queries? Also, can we run these queries for a particular group instead of a single machine?
b) With respect to Microsoft vulnerabilities, I ran the "Windows HotFixes Monitoring" query and it gives me a set of KBs. Are these KBs open to vulnerability, or just the list of KBs that are installed on the machine?