Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2249
Views
25
Helpful
3
Replies

Cisco Endpoint Security Question

Go to solution
IamSamSaul
Level 1
Level 1

‎03-19-2021 04:03 PM

Hello,

Is there a way to check what happened to the malicious file when Cisco Endpoint Security detects a threat and generate an even.

 

When I enter the Sha-256 hash I can see other information but not what happened? For example: Threat detected and file was quarantined or file deleted.

 

Thanks & Regards,

Sam

Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎03-19-2021 04:36 PM

That should appear in the dashboard, events for the endpoint, the device trajectory...

View solution in original post

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎03-22-2021 04:17 AM

Hello @IamSamSaul, as @Ken Stieers already explained.
When checking the Event, you just need to open the Device Trajectory. In the example from the attached screenshot, i also filtered for the SHA256 hash of the malicious file.
Greetings,
Thorsten

DeviceTrajectoryMalicious File.png

View solution in original post

3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎03-19-2021 04:36 PM

That should appear in the dashboard, events for the endpoint, the device trajectory...

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎03-22-2021 04:17 AM

Hello @IamSamSaul, as @Ken Stieers already explained.
When checking the Event, you just need to open the Device Trajectory. In the example from the attached screenshot, i also filtered for the SHA256 hash of the malicious file.
Greetings,
Thorsten

DeviceTrajectoryMalicious File.png

Go to solution
IamSamSaul
Level 1
Level 1

‎03-25-2021 07:56 AM

Thanks both Ken and Thorsten. 

Customers Also Viewed These Support Documents