cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1525
Views
0
Helpful
1
Replies

Sandbox related queries in Cisco AMP for Endpoints

a) What is Sandbox scans of network shares in Cisco AMP for Endpoints and do we have any feature related to this?

 

b) Can we integrate FortiSandbox with Cisco AMP for Endpoints

1 Reply 1

Darren Lynn
Cisco Employee
Cisco Employee

Hi,

In relation to question 1, I'm not sure what you mean by Sandbox, but Cisco AMP can use the Malicious Activity Protection engine to monitor changes in files on a network share (Windows Connector only). It cant be used to manually scan the drive. 

 

https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm

 

Question 2 - I have to ask why? Cisco AMP4E can automatically upload files (config dependant) to Cisco Threat Grid and produce a report. Secondly, this process is paramount to the retrospective function within the platform.

Lastly, if you have the Cisco AMP4E Advantage Tier, you get access to Threat Grid so you can interact with the file within the sandbox. 

 

In direct answer to the question, there is nothing native in AMP4E that allows you upload files to another sandbox. This would be a manual process to download the file from AMP4E and upload to a 3rd party Sandbox. This requires that the user account have 2FA enabled so limits the options to use API's to pull the files from within the console. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers