- last edited on by
- Coordination of activities among Firepower, Umbrella, AMP, Email Security, Threat Grid, and Talos in order to improve threat hunting efficiency
- Reduced adversary dwell times through rapid responses from AMP and Umbrella from a unified response console, in as little as two clicks
- Simplified access and module configuration
To participate in this event, please use the 
button below to ask your questions
Ask questions from Tuesday 18th to Friday 21st of February, 2020
Ben Greenbaum is a Technical Marketing Engineer with over twenty years of experience in the Cyber Threat Intelligence field, primarily in the realm of product design and development. His security software career has included roles that span development, architecture, product design, and management of research and development teams. At Cisco, his role is largely to be a liaison between customers and engineering, and to help users get the most from the Cisco Security architecture.
**Helpful votes Encourage Participation! **
Please be sure to rate the Answers to Questions
@ciscomoderator wrote:
- You can see historic activity, but can you see real time activity for a specific issue? For instance, in one scenario you think you have put the resolution in place but management wants to know it has definitely worked
Many sightings will report if the attempt was allowed or not. So for example if you are investigating a domain, and Umbrella returns a sighting on that domain, it may say in the "resolution" column that the connection was allowed. Then if you block that domain in Umbrella, you can pivot into Umbrella to see the blocklist and cofirm that the domain was added, and you can also test a conneciton to that domain and see that it was blocked, and in the Threat Response interface if you investigate the domain again, you will see a new sighting on the domain with a resolution of "blocked". see the example image below:
