
FAQ Community Live- How to optimize your Cisco Security investments with Threat Response


This event took place on Tuesday, 18 February 2020 at 10:00 PDT.

Introduction

Event slides


Featured Expert

Ben Greenbaum is a Technical Marketing Engineer with over twenty years of experience in the Cyber Threat Intelligence field, primarily in the realm of product design and development. His security software career has included roles that span development, architecture, product design, and management of research and development teams. At Cisco, his role is largely to be a liaison between customers and engineering, and to help users get the most from the Cisco Security architecture.

You can download the slides of the presentation in PDF format here.


Live Questions

Q: Can we integrate Cisco TR with third-party security vendors, like malware protection from Trend Micro?

A: Threat Response is designed with an "API first" mindset; our open API will allow integration with any piece of Threat Response (enrichment, private intelligence, etc.). We do have an engineering team solely dedicated to third-party integrations that is actively releasing new features. The browser extension Ben demonstrated can be used with any tool accessed through a browser.

 

Q: So, if we use Splunk SIEM, we could see that in the Threat Response console?

A: Yes, you can definitely use Splunk SIEM with the CTR plug-in, and an out-of-the-box integration is coming soon!

 

Q: Can I use CTR with just FTD or will I always have to have a valid AMP4E / TG account?

A: Yes, you can use CTR with Firepower.

 

Q: I am a regular user of CTR. I don't believe the Umbrella API is ready for this as I experience consistent timeouts on that enrichment activity.

A: We agree the enrichment took too long. We will definitely review this with the Engineering team.

 

Q: Are there plans to ramp up the capacity of the Umbrella API so it doesn't time out when there are more than 10-20 observables?

A: We're glad to hear that you are a regular user of CTR. We are aware of the API limitations and are looking at improving the issue. Thanks for your valuable feedback, our team is dedicated to making Threat Response better.

 

Q: The click/change, is there any way to get a change report each day?

A: If you are looking to capture the relations graph, we have a "snapshot" feature which is a downloadable JSON.

 

Q: I just want to clarify these products Cisco Umbrella and StealthWatch are both hardware and software?

A: Umbrella is cloud; StealthWatch Enterprise is hardware.

 

Q: So, the solution is putting together the report as the presenter speaks?

A: Yes, that's correct. 

 

Q: It is showing the threats, does it indicate any currently active risk?

A: At the bottom of the page you can see a sightings timeline. There does seem to be some very recent activity.

 

Q: Can you block IP address on Firepower?

A: It is possible, currently. It’s different to the response actions that are available from the product directly, the ones mentioned at the beginning of the presentation, but it’s technically feasible.

 

Q: What minimum license do we need to use Threat Response on Firepower?

A: Version 6.3 or higher will work with CTR.
