
Sandbox related queries in Cisco AMP for Endpoints

a) What are Sandbox scans of network shares in Cisco AMP for Endpoints, and do we have any feature related to this?

 

b) Can we integrate FortiSandbox with Cisco AMP for Endpoints?


Darren Lynn
Cisco Employee

Hi,

In relation to question 1, I'm not sure what you mean by Sandbox, but Cisco AMP can use the Malicious Activity Protection engine to monitor changes in files on a network share (Windows Connector only). It can't be used to manually scan the drive.

 

https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm

 

Question 2 - I have to ask why? Cisco AMP4E can automatically upload files (config dependent) to Cisco Threat Grid and produce a report. Secondly, this process is paramount to the retrospective function within the platform.

Lastly, if you have the Cisco AMP4E Advantage Tier, you get access to Threat Grid so you can interact with the file within the sandbox. 

 

In direct answer to the question, there is nothing native in AMP4E that allows you to upload files to another sandbox. This would be a manual process to download the file from AMP4E and upload it to a 3rd party Sandbox. This requires that the user account have 2FA enabled, so it limits the options to use APIs to pull the files from within the console.