AMP Alert Cutoff

Trevor Walraven
Level 1

We receive AMP alerts frequently for malware attached to e-mail.  We aren't concerned so much about that malware because our filter is excellent at dropping those messages.  However, the alerts don't tell us enough information because they're cut off.  This is what we get:

<*- Network Based Retrospective at Tue Aug  1 16:13:57 2017 UTC -*>
Sha256: f0d4ec15201ff5115cefeb3f29d523506fdd641807c0660689a9259f11bdc347
Disposition: Malware
Threat name: N/A

<*- Network Based Retrospective
From "<hostname>" at Tue

It cuts off after the day of the week.  It'd be nice if we could get the rest of the information in the e-mail so we can quickly determine if we should be concerned or not.

Is this a known issue?  Any suggestions on fixing it?  We're on FMC 6.0.1.3, build 1054.

Thanks!


Dinesh Verma
Cisco Employee

Hi Trevor,

This new retrospective malware event represents a disposition change for all files detected in the last week that have the same SHA-256 hash value. For that reason, these events contain limited information: the date and time the Firepower Management Center was notified of the disposition change, the new disposition, the SHA-256 hash value of the file, and the threat name. They do not contain IP addresses or other contextual information.

That's something known. Let us know if you have any further queries.

Regards,

Dv
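As an added example (not code from the thread, FMC, or Cisco), a small Python parser for the retrospective alert text quoted above: it extracts the fields the reply lists, validates the SHA-256 before anyone pivots on it, and flags a cut-off alert instead of silently accepting partial fields. The sample alert is constructed from the post, and the shape of a complete `From` line is an assumption.

```python
import re

# Constructed sample in the shape of the alert quoted in the question,
# including the second block that stops after the weekday.
SAMPLE_ALERT = """\
<*- Network Based Retrospective at Tue Aug  1 16:13:57 2017 UTC -*>
Sha256: f0d4ec15201ff5115cefeb3f29d523506fdd641807c0660689a9259f11bdc347
Disposition: Malware
Threat name: N/A

<*- Network Based Retrospective
From "<hostname>" at Tue
"""

TS = r"[A-Z][a-z]{2} [A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4} UTC"
HEADER_RE = re.compile(rf"^<\*- Network Based Retrospective at ({TS}) -\*>$")
FROM_RE = re.compile(rf'^From "[^"]*" at {TS}$')   # assumed shape of a full line
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+?):\s*(.*)$")
SHA256_RE = re.compile(r"[0-9a-f]{64}")

def parse_retrospective(text: str) -> dict:
    """Parse one retrospective alert; record cut-off lines instead of guessing."""
    ev = {"timestamp": None, "sha256": None, "disposition": None,
          "threat_name": None, "truncated": False, "problems": []}
    for line in (l.rstrip() for l in text.splitlines()):
        if line.startswith("<*- Network Based Retrospective"):
            m = HEADER_RE.match(line)
            if m:
                ev["timestamp"] = m.group(1)
            else:                               # no timestamp or closing "-*>"
                ev["truncated"] = True
                ev["problems"].append(f"unterminated header: {line!r}")
        elif line.startswith("From "):
            if not FROM_RE.match(line):         # e.g. ends with just "at Tue"
                ev["truncated"] = True
                ev["problems"].append(f"cut-off From line: {line!r}")
        elif (m := FIELD_RE.match(line)):
            key, val = m.group(1).lower(), m.group(2)
            if key == "sha256":                 # validate before pivoting on it
                ev["sha256"] = val if SHA256_RE.fullmatch(val) else None
            elif key == "disposition":
                ev["disposition"] = val
            elif key == "threat name":
                ev["threat_name"] = None if val == "N/A" else val
    if ev["sha256"] is None:                    # the only pivot these events carry
        ev["problems"].append("no valid SHA-256: cannot pivot to file trajectory")
    return ev

if __name__ == "__main__":
    print(parse_retrospective(SAMPLE_ALERT))
```

A truncated result still carries the SHA-256 and disposition, which is enough to search the file trajectory in FMC; the `problems` list tells the analyst what the e-mail lost.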
