Scan Cisco Endpoint Protection for specific IoCs?
03-02-2022 11:28 PM
Is there a simple way to search my org with Cisco Endpoint for a specific IoC?
I can find details on a specific IoC when I search the upper corner, but it doesn't tell me if it's ever shown up on my network.
Point me in the right direction if you can. Whitepapers, guides, YouTube videos, etc. Anything is welcome. I'm filling in and not sure what the next step is.
Labels: Endpoint Security
1 Reply
03-03-2022 04:47 AM
If it's dormant on a box somewhere and hasn't been touched by anything for a while, you'll want to do an IOC scan:
https://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/118899-technote-malwareprotection-00.html
This is also a classic use case for Cisco Threat Response, but for that to be useful, you need to have gotten started with SecureX (free with your AMP license).
