Creation of policy Triage Secure Endpoint AMP

jmandelbaum
Level 1

Good morning. While reviewing the policies, we inadvertently removed the "Triage A" policy in Cisco Secure Endpoint. We tried to recreate that policy, but the one we created does not have the same "strength" as the default triage.

What would be the configuration, or how is it done, to again have a policy like the Triage A that comes by default?

Thank you!

3 Replies

Looking at my "stock" triage policy, lots of it is turned off... I'm not sure I'd consider it "stronger".
My actual triage policy that is in use has all engines configured to block/protect.

Yes, of course, but when you put the triage policy on a device (by changing a group), this policy means that if the scan doesn't fit, it will send it many times more than if it were in a "common" policy. That's why I was asking: what is the configuration to create a Triage policy that is "more insistent" with the issue of scanning endpoints?

"this policy means that if the scan doesn't fit"
What do you mean by this?
In my config, the only thing different between triage and not triage is that Tetra is turned on... (we also have Symantec in place, hoping to dump it soon, but AMP needs a firewall first).
Let's take a step back. If I were starting from scratch... I'd use the "Workstation" defaults that they publish for workstations for my Protect policy, and set Triage to block everything. Then I'd start turning more and more on in workstation until it got to be intrusive...
That's basically what we did... and with tuning, Protect is now everything on except Tetra...