This script was written to make up for the changes made to the history.db file after v5.0 was released. Its goal is to help you identify what A4E is scanning so that you can determine the best exclusions for your environment.
The attached bash script converts your *debug* sfc.exe.log and sfc.exe_DATE_TIMESTAMP.log files into a CSV file. That CSV lets you see the following data:
1. Timestamp of when a file was scanned.
2. The path+filename of the scanned file.
3. The path+filename of the parent process.
When you run the script, it prints the most active processes (by scan count) to the terminal. The full list of scanned files is written to the 'data.csv' file.
To use the script, extract it to the same directory as your log files and make it executable (chmod +x).
Run it with no arguments: './handle_count.sh' (without the quotes).
Depending on how many log files you have, it may finish quickly or take a couple of minutes. Remember that the more log files you have, the better the picture you get of the activity on the system.
This script has been tested internally and works on Ubuntu, Ubuntu on Windows 10, and OSX. It is *unsupported* by TAC.
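As an added illustration of the log-to-CSV and "most active parent process" steps described above (this is example code, not the attached handle_count.sh), the following bash functions parse constructed debug lines whose layout is an assumption: the real sfc.exe.log format is not shown in this post, so the field regexes must be adapted to your own logs.

```shell
#!/usr/bin/env bash
# Added example, not the handle_count.sh attached to the post. The debug-log
# layout below is CONSTRUCTED for illustration; adjust the regexes to the
# field names that appear in your own sfc.exe.log files.
set -eu

# Constructed sample debug lines: a scan line carries a timestamp, the scanned
# path and the parent process; non-scan lines (heartbeats etc.) are ignored.
SAMPLE_LOG='2020-03-02T10:15:01Z [DEBUG] scan path="C:\Users\alice\AppData\Local\Temp\build.tmp" parent="C:\Program Files\Git\usr\bin\make.exe"
2020-03-02T10:15:02Z [DEBUG] scan path="C:\Users\alice\AppData\Local\Temp\out.o" parent="C:\Program Files\Git\usr\bin\make.exe"
2020-03-02T10:15:03Z [INFO] heartbeat ok
2020-03-02T10:15:04Z [DEBUG] scan path="C:\Windows\Temp\svc.log" parent="C:\Windows\System32\svchost.exe"
2020-03-02T10:15:05Z [DEBUG] scan path="C:\Users\alice\AppData\Local\Temp\link.tmp" parent="C:\Program Files\Git\usr\bin\make.exe"'

# Log lines on stdin -> CSV rows "timestamp,scanned_file,parent_process".
log_to_csv() {
  awk '
    function field(name,    s) {                 # quoted value after name=
      if (!match($0, name "=\"[^\"]*\"")) return "\"\""
      s = substr($0, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
      gsub(/"/, "\"\"", s)                       # CSV-escape embedded quotes
      return "\"" s "\""
    }
    BEGIN { print "timestamp,scanned_file,parent_process" }
    /\[DEBUG\] scan / { print $1 "," field("path") "," field("parent") }'
}

# Log lines on stdin -> "count<TAB>parent_process", busiest parent first.
# This is the view you use to pick exclusion candidates (e.g. a compiler
# touching thousands of temp files), not the scanned files themselves.
parent_counts() {
  awk '/\[DEBUG\] scan / && match($0, /parent="[^"]*"/) {
         n[substr($0, RSTART + 8, RLENGTH - 9)]++ }
       END { for (p in n) printf "%d\t%s\n", n[p], p }' | sort -rn
}

# Small accessors over the constructed sample (used by the stand-alone demo).
scan_rows()        { printf '%s\n' "$SAMPLE_LOG" | log_to_csv | tail -n +2 | wc -l | tr -d ' '; }
top_parent_count() { printf '%s\n' "$SAMPLE_LOG" | parent_counts | head -n 1 | cut -f1; }
top_parent_name()  { printf '%s\n' "$SAMPLE_LOG" | parent_counts | head -n 1 | cut -f2; }

# Stand-alone demo: the CSV, then the most active parent processes by count.
printf '%s\n' "$SAMPLE_LOG" | log_to_csv
printf '%s\n' "$SAMPLE_LOG" | parent_counts
```

On real logs you would replace SAMPLE_LOG with `cat sfc.exe*.log` and redirect log_to_csv to data.csv, as the attached script does.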