08-21-2017 08:53 PM - edited 02-21-2020 06:13 AM
I was interested in if anyone had a playbook they could share as it pertains to Firepower Management Center? If no playbooks, can anyone share what their steps are as to:
1. What you personally investigate first? Impact 1?, IOC, Malware alerts...
2. What Cisco recommends is investigated first?
3. Cisco documentation on recommended steps for analysis?
01-12-2018 06:59 AM
Hello,
I didn't find any useful documentation. I can advise looking in other books, but in general I would say:
Impact 1 and Impact 2 events not blocked
01-12-2018 07:02 AM
What would stop an impact 1 or 2 event from being blocked? A Signature set to alert only?
01-12-2018 07:07 AM
Each signature can be set in Drop / Generate events / Disable state, depending on how you configure it.
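The triage rule suggested in this thread (look at Impact 1 and Impact 2 intrusion events that were not blocked first, then check whether the rule was in "Generate events" rather than "Drop" state) can be turned into a small ranking script. The following is an added example, not code from Cisco or from the posters; the column names, the event rows and the inline-result values are constructed for illustration and may not match the exact field names of a real FMC export or eStreamer feed.

```python
"""Rank Firepower intrusion events for triage (added example, constructed data).

Rule: unblocked Impact 1 and Impact 2 events come first, ordered by impact,
then everything else. For each unblocked event, explain the likely reason
(rule set to alert-only, or rule set to drop but sensor not dropping).
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample export; column names are assumptions, not FMC's exact schema.
SAMPLE_EXPORT = """timestamp,impact,inline_result,rule_state,signature,src,dst
2017-08-21T20:10:00Z,1,,Generate events,constructed-sig-A,10.0.0.5,10.0.1.20
2017-08-21T20:11:00Z,1,Dropped,Drop,constructed-sig-B,10.0.0.6,10.0.1.21
2017-08-21T20:12:00Z,2,Would have dropped,Drop,constructed-sig-C,10.0.0.7,10.0.1.22
2017-08-21T20:13:00Z,3,,Generate events,constructed-sig-D,10.0.0.8,10.0.1.23
2017-08-21T20:14:00Z,0,Dropped,Drop,constructed-sig-E,10.0.0.9,10.0.1.24
"""


@dataclass
class IntrusionEvent:
    timestamp: str
    impact: int            # FMC impact level: 1 highest, 4 lowest, 0 unknown
    inline_result: str     # assumed values: "", "Dropped", "Would have dropped"
    rule_state: str        # assumed values: "Drop", "Generate events", "Disable"
    signature: str
    src: str
    dst: str

    @property
    def blocked(self) -> bool:
        # Only a real "Dropped" counts as blocked. "Would have dropped" means the
        # packet was still forwarded, so the event still needs analyst attention.
        return self.inline_result.strip().lower() == "dropped"

    @property
    def needs_first_look(self) -> bool:
        # The triage rule from the thread: Impact 1/2 and not blocked.
        return self.impact in (1, 2) and not self.blocked


def parse_events(export_text: str) -> list:
    """Parse the constructed CSV export into IntrusionEvent objects."""
    reader = csv.DictReader(io.StringIO(export_text))
    return [
        IntrusionEvent(
            timestamp=row["timestamp"],
            impact=int(row["impact"]),
            inline_result=row["inline_result"],
            rule_state=row["rule_state"],
            signature=row["signature"],
            src=row["src"],
            dst=row["dst"],
        )
        for row in reader
    ]


def why_not_blocked(ev: IntrusionEvent) -> str:
    """Explain why an event was not blocked, based on rule state and inline result."""
    if ev.blocked:
        return "blocked"
    if ev.rule_state.strip().lower() == "generate events":
        return "rule is alert-only (Generate events); consider moving it to Drop"
    if ev.inline_result.strip().lower() == "would have dropped":
        return "rule is set to Drop but the sensor did not drop (passive/tap interface or drop-when-inline disabled)"
    return "not blocked; check rule state and interface mode"


def triage(events: list) -> list:
    """Return events ordered for investigation: unblocked Impact 1/2 first."""
    def key(ev: IntrusionEvent):
        tier = 0 if ev.needs_first_look else 1
        impact_rank = ev.impact if ev.impact > 0 else 5  # unknown impact sorts last
        return (tier, impact_rank, ev.timestamp)
    return sorted(events, key=key)


if __name__ == "__main__":
    for ev in triage(parse_events(SAMPLE_EXPORT)):
        flag = "FIRST" if ev.needs_first_look else "     "
        print(f"{flag} impact={ev.impact} {ev.signature:18} {ev.src} -> {ev.dst}: {why_not_blocked(ev)}")
```

Feeding a real export into `parse_events` only requires mapping the export's column names onto the constructed ones; the ranking and the explanation logic do not depend on them.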