Why am I receiving timeout messages when I conduct queries in Cisco Threat Response (CTR)?
I see, "2 of 3 enrichments complete with 1 Alert"
When I open the alert, it says, "There was a timeout in the 'AMP for Endpoints' module. Retrieved 55 computers, processed AMP events from 10 of 55 computers."
This may happen occasionally on large AMP deployments. Here's what's happening: CTR implements a 60-second limit for all enrichments, and will wait for that period of time to retrieve results from any enrichment, including AMP, Umbrella, etc. We are exploring a model for long-running enrichments returning progressive results. CTR will also truncate results to a maximum number of sightings per observable per module. As our integrating products' APIs become more performant and tuned to CTR use cases, we will continue to expand the scope of what CTR is capable of ingesting, aggregating, and displaying to the user.
For exhaustive information during an investigation, go to the original sources. In this case, since you know which observable had the hits, and timed out, you can easily pivot on that observable into AMP.