01-30-2017 12:36 PM - edited 03-10-2019 06:45 AM
We (like anyone) get a ton of malware via SMTP. It gets blocked but I have no way to report to management what the malware was, what the business risk is, etc.
Cisco support said to turn on capture so it can get the file on Firesight, but still there is no way I can see to give me a full "This was a Locky variant that has a CVE of xxx.x, you can read more on this here"
Surely there is a place to go in Talos or via the actual SHA value to see what the malware was' no?
Thanks
Bob James