07-05-2018 12:50 AM
Hi team,
Kindly help to advise us on the situation below: if I add a pc with multiple application vulns into the whitelist, can the Dashboard detect and alert the admin when this PC come through the GW?
Thanks in advance.
Br,
hainm
07-09-2018 08:18 AM
If you're speaking of the "global whitelist" or when you right-click on an IP in a connection event, and choose whitelist (adds to global whitelist), then this will not effect detection of this host. This whitelist only pertains to Security Intelligence. For example you have a vendor or partner's public IP end up in an SI category, you can "whitelist" that IP to keep business running. That said, you should be suspect of whitelisting anything that has ended up in a Talos SI list.
07-09-2018 08:23 AM
Hi bro,
So u mean the whitelist host will not show up on the dashboard even it got vuls?
Best regards,
.:|:.:|:. Hai Nguyen
Systems Engineer | Cisco Systems Vietnam
Desk: +84 24 3974 6248 | Mobile: +84 904 373 746 | hanguye3@cisco.com<mailto:hanguye3@cisco.com>
07-09-2018 08:28 AM
No, the global whitelist (assuming that's what y we're all talking about) will only prevent Security Intelligence from blocking a packet to a known bad actor. Network discovery, access control, file and intrusion, etc policies will continue to function as configured.
07-09-2018 08:34 AM
Many tks bro.
Sent from my Samsung Galaxy smartphone.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide