As part of Cisco Customer Experience program, we are working towards a more uniform user experience and terminology harmonization. This program runs across all Cisco security products.
We are aligning the terminology used in the system across Cisco and the network security industry. As a result, these changes have been implemented:
Activities are renamed to Anomalies
Severity of Activities is renamed to Risk Factor It varies from 1 to 9, and now it will also be categorized as low – medium – high - critical, represented in different colors: Low (blue) for 1 to 5, medium (yellow) for 6 to 7, high (amber) for 8 to 9 and critical (red) for 10.
Updated Terminology in the Incident Detail
Permanent Filter is now Ignored Networks The functionality to exclude some IP addresses or subnets from the list of incidents is improved and renamed from Permanent Filter to Ignored Networks. The alerts for hosts matching the configured subnets will also be excluded from reporting in AMP for Endpoints, Stealthwatch, and STIX/TAXII feeds.
You can enable Casebook using the icon or in the Cognitive Threat Response menu.
Better support for moving indicators from the page to Casebook will be improved in subsequent releases.
New Confirmed Threats
In August and September, we added to our growing list of machine-learning-poweredConfirmed Threat detections provided by theCognitive Intelligenceengine. We added two net-new Confirmed Threat types (see list below) and increased detection rates for previously-existing Confirmed Threats in the past six months.
List of new Confirmed Threat types in August and September:
Confirmed Threat ID
Malware - Dropper
Phorpiex infects machines to deliver follow-on malware. Phorpiex has been known to drop a wide range of payloads, from malware that sends spam emails to ransomware and cryptocurrency miners.
Malware - File Infector
The Parite virus is a polymorphic file infector that resides in memory and attempts to disable antivirus solutions. It infects executable files on the local file system and on writeable network shares. Generally classified as a high-risk threat.
Sample Finding of new Confirmed Threat CTAL0194 Phorpiex Trojan
Confirmed Threat Updates
Our semi-automatic Indicator-of-Compromise (IoC) hunt processes (seeMachine Learning Backend Improvedblog) allowed us to increase the IoC coverage of existing Confirmed Threats. In August and September, we observed the re-emergence of the Emotet trojan (see Talos blog) and accordingly identified 97 new IoCs. In total, we added more than 600 high-risk IoCs and 40 mid-risk IoCs, covering over 20 different Confirmed Threat types.
Meet the Authors Event - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond
(Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 29th, April 2021 at 10...
Hello All, We are in the process of evaluating Cisco ISE as our AAA Server. Our IA Department is wanting to know what Web Server (Apachee...???) or Services or Application Server does Cisco ISE use? The information is not jumping out at us. ...
I see there's a OVA for ISE, but not for ISE-PIC? Any specific configurations I need to make the virtual for smaller environments, i.e. under 200 device on the network per step1? Step 2, again not sure where to find a OVA unless I'm not understanding some...