03-19-2021 04:03 PM
Hello,
Is there a way to check what happened to the malicious file when Cisco Endpoint Security detects a threat and generates an event?
When I enter the SHA-256 hash, I can see other information but not what happened. For example: threat detected and file was quarantined, or file deleted.
Thanks & Regards,
Sam
03-19-2021 04:36 PM
03-22-2021 04:17 AM
Hello @IamSamSaul, as @Ken Stieers already explained.
When checking the Event, you just need to open the Device Trajectory. In the example from the attached screenshot, I also filtered for the SHA256 hash of the malicious file.
Greetings,
Thorsten
03-25-2021 07:56 AM
Thanks both Ken and Thorsten.