Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2128
Views
25
Helpful
3
Replies

Cisco Endpoint Security Question

Go to solution
IamSamSaul
Level 1
Level 1

‎03-19-2021 04:03 PM

Hello,

Is there a way to check what happened to the malicious file when Cisco Endpoint Security detects a threat and generate an even.

 

When I enter the Sha-256 hash I can see other information but not what happened? For example: Threat detected and file was quarantined or file deleted.

 

Thanks & Regards,

Sam

Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎03-19-2021 04:36 PM

That should appear in the dashboard, events for the endpoint, the device trajectory...

View solution in original post

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎03-22-2021 04:17 AM

Hello @IamSamSaul, as @Ken Stieers already explained.
When checking the Event, you just need to open the Device Trajectory. In the example from the attached screenshot, i also filtered for the SHA256 hash of the malicious file.
Greetings,
Thorsten

DeviceTrajectoryMalicious File.png

View solution in original post

3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎03-19-2021 04:36 PM

That should appear in the dashboard, events for the endpoint, the device trajectory...

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎03-22-2021 04:17 AM

Hello @IamSamSaul, as @Ken Stieers already explained.
When checking the Event, you just need to open the Device Trajectory. In the example from the attached screenshot, i also filtered for the SHA256 hash of the malicious file.
Greetings,
Thorsten

DeviceTrajectoryMalicious File.png

Go to solution
IamSamSaul
Level 1
Level 1

‎03-25-2021 07:56 AM

Thanks both Ken and Thorsten. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents