Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
1
Helpful
3
Replies

Firepower Discovery Event "Host IOC set" What does this mean?

DannyDulin
Level 1
Level 1

‎03-15-2023 09:37 AM

I cannot for the life of me find anything more about the Discovery Event “Host IOC Set” except for:

This event is generated when an IOC (Indications of Compromise) is set for a host and generates an alert.

What does that mean?

Many of the events have a category of Impact 2 Attack; Event Type: Impact 2 Intrusion Event - web-application-attack.

What do I do about this?

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎03-15-2023 11:10 AM

This means any of the Host comprimised -  it will generate alert to your SIEM and generate Ticket to investigate the Host.

This will generate various co-relation of data.

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01110011.html

What do I do about this?  < - if you get this alerts you need to investigate this Host ( any malware or any other infected ) - generally take out from network and investigate, and suggest method always re-image to protect the network.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

DannyDulin
Level 1
Level 1
In response to balaji.bandi

‎03-15-2023 11:21 AM

How do I determine what has compromised the host?

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to DannyDulin

‎03-15-2023 07:55 PM

The logs will generate  - depending on the config and deployment.

You need to read more about deployment of IPS

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card