Solved: Re: ETA, Cognitive Intelligence, SLIC Inter-dependencies

reheindel · ‎08-13-2019

I apologize if this has been asked/answered - but I am looking for answers on the inter-dependencies of ETA/Cognitive Intelligence, and most specifically the SLIC feed.

We are purchasing new flow sensors with anticipation of taking advantage of the ETA capabilities in 7.1 for internet traffic

We had NOT planned on purchasing the SLIC feed license

Can I still expect to get the benefits of ETA/Cognitive Intelligence without the SLIC feeds?

Thanks in advance for the assistance!

Bob

brford · ‎08-22-2019

The short answer is Yes.

The Threat Intel Feed (also known as SLIC Feed) is an IP Blacklist that lives on and is updated at your SMC. The big advantage of SLIC is that it is fast. If an external IP matches an IP on the Threat Feed list then there is an alarm.

Cognitive Threat Analytics requires that data about a connection involving an external IP be sent to the cloud for analysis and risk scoring. Cognitive Intelligence takes longer but is able to identify threats based on their communications and behavior characteristics rather than on just matching an IP address.

Cognitive returns a risk score which is valuable in that it helps you triage your work; looking at the highest risk connections first and then working through a list to lower risk connections.

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

View solution in original post

brford · ‎08-22-2019

The short answer is Yes.

The Threat Intel Feed (also known as SLIC Feed) is an IP Blacklist that lives on and is updated at your SMC. The big advantage of SLIC is that it is fast. If an external IP matches an IP on the Threat Feed list then there is an alarm.

Cognitive Threat Analytics requires that data about a connection involving an external IP be sent to the cloud for analysis and risk scoring. Cognitive Intelligence takes longer but is able to identify threats based on their communications and behavior characteristics rather than on just matching an IP address.

Cognitive returns a risk score which is valuable in that it helps you triage your work; looking at the highest risk connections first and then working through a list to lower risk connections.

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.