As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
New features added to Cognitive Intelligence beta GUI
As part of our continuous efforts to improve productivity and drive efficacy, additional features have been added for customers with Early Access to the new GUI enabled:
It is now possible to filter alerts by risk, selecting one or more risk levels. This filtering, in combination with the status of the alert (New, investigating, remediating, remediated, false positive and ignored), allows you to focus on the alerts that are important to you.
Asset group business value tool-tip
When checking the details of a specific alert, it will be possible to quickly consult the value of a specific asset group, just by hovering over it.
Affected asset count
In order to quickly assess the scope of a threat, we will be able to see at a glance the number of assets that are affected by a specific threat type, as well as the number of alerts related to it.
It will also be possible to see how many assets belong to a specific asset group, which can give us some hints about the priority that we should assign to it.
New anomaly description for sinkhole classifier
Cognitive is capable of detecting when a known DNS server is giving out a false result for a domain name, and therefore a connection has been sinkholed. It will explain it accordingly in a new anomaly description, so security analysts can understand the proper context of an alert.
The description appears under Alert -> Alert detail -> Anomalies section.
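The correlation behind such an anomaly can be sketched as follows. This is an added example, not Cisco's classifier or code from Cognitive Intelligence; the resolver list, sinkhole range, log layouts and function names are all assumptions, and every address is a constructed documentation-range value.

```python
import ipaddress

# All values below are constructed (documentation address ranges); none come from the page.
KNOWN_RESOLVERS = {"198.51.100.53"}                      # assumed list of known DNS servers
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # hypothetical sinkhole range

# DNS answers: (time, asset, resolver, domain, answer_ip, ttl_seconds)
DNS_LOG = [
    (100, "host-a", "198.51.100.53", "updates.example.net", "203.0.113.10", 300),
    (105, "host-b", "198.51.100.53", "c2.example.org", "192.0.2.5", 300),
    (300, "host-c", "198.51.100.53", "c2.example.org", "192.0.2.5", 300),
    (400, "host-d", "203.0.113.99", "c2.example.org", "192.0.2.5", 300),
]
# Flows: (time, asset, dst_ip, dst_port)
FLOW_LOG = [
    (101, "host-a", "203.0.113.10", 443),  # ordinary answer, ordinary flow
    (106, "host-b", "192.0.2.5", 80),      # follows a sinkholed answer
    (900, "host-c", "192.0.2.5", 80),      # answer expired at t=600
    (401, "host-d", "192.0.2.5", 80),      # answer came from an unknown resolver
]

def is_sinkhole(ip):
    """True when the address falls inside one of the sinkhole ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SINKHOLE_NETS)

def sinkholed_connections(dns_log, flow_log):
    """Return one anomaly per flow that used a still-valid sinkholed answer."""
    answers = {}  # (asset, answer_ip) -> [(time, ttl, resolver, domain)]
    for ts, asset, resolver, domain, ip, ttl in dns_log:
        if resolver in KNOWN_RESOLVERS and is_sinkhole(ip):
            answers.setdefault((asset, ip), []).append((ts, ttl, resolver, domain))
    anomalies = []
    for ts, asset, dst, port in flow_log:
        for a_ts, ttl, resolver, domain in answers.get((asset, dst), []):
            if a_ts <= ts <= a_ts + ttl:
                anomalies.append({
                    "asset": asset, "domain": domain, "dst": f"{dst}:{port}",
                    "description": f"Known DNS server {resolver} returned sinkhole "
                                   f"address {dst} for {domain}; connection was sinkholed.",
                })
                break  # one anomaly per flow
    return anomalies

if __name__ == "__main__":
    for anomaly in sinkholed_connections(DNS_LOG, FLOW_LOG):
        print(anomaly["asset"], anomaly["description"])
```

Only the host-b flow is reported: the host-c flow falls outside the answer's TTL and the host-d answer did not come from a known resolver, so neither can be explained by this description.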
New Confirmed Threats
List of new Confirmed Threat types in September:
Remote Access Trojan (RAT)
BLINDINGCAN is a remote access trojan (RAT) which gives the attacker complete remote control and administration of the infected device. This RAT is associated with malicious cyber activity by the North Korean government, known as HIDDEN COBRA. RATs are used in targeted attacks, espionage, financial theft, and stealing of sensitive corporate information. They are commonly used by malicious actors to bypass second-factor authentication methods.