I am observing the event File_Malware_Event triggered from the Cisco Source File console. On the SIEM console, I have checked the payload: fileEventData.direction = 2 and fileeventData.action=3. Traffic was observed from the source IP 10.13.x.x towards the destination IP 10.13.x.x over port 445.
I am unable to understand this event. Can someone help me with this? Am I safe, or do I need to pay any attention?
Based on your source and destination IPs looking like they are both inside your network, I would definitely look into those hosts! Check the FMC to figure out the direction and action events to correlate with your SIEM console, and then you will know what they mean.