This event took place on Tuesday, February 18th, 2020 at 10hrs PDT
Ben Greenbaum is a Technical Marketing Engineer with over twenty years of experience in the Cyber Threat Intelligence field, primarily in the realm of product design and development. His security software career has included roles that span development, architecture, product design, and management of research and development teams. At Cisco, his role is largely to be a liaison between customers and engineering, and to help users get the most from the Cisco Security architecture.
You can download the slides of the presentation in PDF format here.
Q: Can we integrate Cisco TR with third party security vendors like Malware protection for Trend Micro?
A: Threat Response is designed with an 'API first mindset', our open API will allow integration to any piece of threat response (enrichment, private intelligence, etc.). We do have an engineering team solely dedicated to third party integrations that is actively releasing new features. The browser extension Ben demonstrated can be used with any tool accessed with a browser.
Q: So, if we use Splunk SIEM, we could see that in the Threat Response console?
A: Yes, you can definitely use Splunk SIEM with the CTR plug-in, and an out-of-the-box integration is coming soon!
Q: Can I use CTR with just FTD or will I always have to have a valid AMP4E / TG account?
A: Yes, you can use CTR with Firepower.
Q: I am a regular user of CTR. I don't believe the Umbrella API is ready for this as I experience consistent timeouts on that enrichment activity.
A: We agree the enrichment took too long. We will definitely review this with the Engineering team.
Q: Are there plans to ramp up the capacity ability of the Umbrella API so it doesn't time out when there's more than 10-20 observables?
A: We're glad to hear that you are a regular user of CTR. We are aware of the API limitations and are looking at improving the issue. Thanks for your valuable feedback, our team is dedicated to making Threat Response better.
Q: The click/change, is there any way to get a change report each day?
A: If you are looking to capture the relations graph, we have a "snapshot" feature which is a downloadable JSON.
Q: I just want to clarify these products Cisco Umbrella and StealthWatch are both hardware and software?
A: Umbrella - Cloud, StealthWatch Enterprise are hardware.
Q: So, the solution is putting together the report as the presenter speaks?
A: Yes, that's correct.
Q: It is showing the threats, does it indicate any currently active risk?
A: At the bottom of the page you can see a sightings timeline. There does seem to be some very recent activity.
Q: Can you block an IP address on Firepower?
A: It is possible, currently. It’s different to the response actions that are available from the product directly, the ones mentioned at the beginning of the presentation, but it’s technically feasible.
Q: What minimum type of license must we have to use Threat Response on Firepower?