Not being a security expert what does one do when they see IOC events within FMC? What are the actions that are normal to be taken when these events are logged to determine their validity??? I am still confused when I see events like in the attached ...
Forum Posts
Hi,I have deployed Security Onion using snort2 system. I am getting alerts for some ET rules how to find the equivalent rule to block it on FMC/FTD.suppose I have below . how to find snort3 equivalant and block it as its passed by fmc/ftd and our ids...
We are constantly receiving the Health Monitoring message "AMP for Network Status - Successfully connected to cloud. FTD1: Number of files detected in traffic exceeds module threshold.We believe this is due to File Sharing between our hosts and our F...
I have Firewall model Cisco ASA5516-X Threat Defense with IOS software version 6.6.5.1-15 and ill do upgrade to IOS version Cisco_FTD_Upgrade-7.0.1-84.sh.REL.tar so i need help to get the correct steps to follow in sequence and also my question abou...
I have a requirement to bypass traffic inspection or whitelist ip addresses to allow pen testing to take place on our external IP address range. Previously achieved this using service policy on ASA's. With FTD's is the best option to use pre-filters ...
i have Cisco ASA5516-X Threat Defense with ios version (75) Version 6.2.3.17 (Build 30) and i intended to upgrade to 7.0.1 but i have to go 1st through 6.4.0 so i upgraded the ASA to isco ASA5516-X Threat Defense (75) Version 6.4.0 (Build 102) then t...
Hi Team, Kindly need your suggestion/help if anyone experienced like this In my office, we've FMCv and Manage 2 Appliance Firepower 1120 with HA configuration But, last week, Our HDD server (that hosting FMCv), is corrupt Fortunately, there's no imp...
Hi Cisco Experts! Good Day! Our Firepower sensor in Cisco 5516-X is not accessible anymore in ASDM. I can access ASDM with all firewall configs still intact. Only missing is the SFR configurations. Usually under Firewall Configuration, I could see ...
What is ASP in ASA?How it works.Router forward Traffic based on CEF.then How ASA Forward traffic?
Resolved! Exclude device from IPS policy?
Assuming you're using FMC, how would you exclude a given IP address from a specific IPS alert? For example, system traffic was blocked due to a specific malware definition but it was determined that the traffic was legitimate and you only want to ex...
Hello community, we are operating Cisco IPS sensors connected to FTD, however we noticed the category WEB-applications in the signature list it generates every month a lot of false positive alerts. I'm able to disable specific revision of signatures ...
Hi,I have two FTD's managed by FMC. at times its cpu hits 100 % . I figured out that when there is heavy traffic passing through two interfaces the snort process chokes one cpu.there is 230Mbps data throughput between two zones/interfaces on FTD when...
Dear Cisco IDS/IPS Experts,I have two questions:1. Can the Firepower IDS/IPS detect Layer-2 attack based on EtherType and MAC address anomalies?2. Based on my experience 4-5 years ago, no IDS/IPS can detect Advanced Persistent Threat (APT). The anoma...
Hi, looking for some help. i am working on a firewall with 750 rules. most of these rules are not set to log. is there any way to apply logging (at end) to a select bunch of rules in one hit. or am i looking at clicking 750 rules one at a time to swi...
Dear friends, I have a system comprised of an ASA FirePOWER version 5.4.0.5 and a FireSIGHT 6.0.0 (running on top of VMware). I installed the latest patch (patch 4). I configured an access policy including URL Filtering (it's correctly licensed). ...
