Hi All, I'm trying to get some clarity around how Cisco Meraki Security Center rules work, specifically how to whitelist. For example, if I have two internal devices talking to each other and Meraki blocks the network connection because it meets an I...
Hi there, I'm submitting this question here because I don't see another way to get a hold of the Talos Intelligence Team. Lately, we've been receiving Firepower Security Intelligence Alerts for Cloudflare IP addresses flagged as malicious. Of course,...
Hi all, I was wondering if anyone knew of a good way to preserve the device trajectory events on a computer, so that it's not lost after 30 days. I know the Forensic Snapshot can be helpful, but how do I save all of the device trajectory events or ev...
Hi guys, I'm looking for any documentation that exists on how to search and filter for events in the Cisco Meraki Security Center. So for example, there are different fields that we can select but what do those fields mean and what will be returned? ...
Hello, I’ve attempted to email Talos Intelligence through the Support Ticket portal and also opened a Cisco TAC Case, but our Talos Intelligence reputation tickets have been stuck in a "processing" state for over a week. I haven’t received a response...
Hi olasupoo, This is exactly what I was looking for. So I have confirmation now that there's no good way to whitelist in Cisco Meraki; it's an all or nothing approach. Which is not good in my opinion. If organizations are using Meraki as their Firewa...
Thank you, but it doesn't quite have what I'm looking for. I'm looking for the difference in these searches and what they mean. What does searching by Client, URI, Remote_IP, etc mean? Let's say I'm searching for Source IP 10.0.0.1 and Destination IP...
Thanks, Austin! I appreciate the confirmation—thought we were the only ones dealing with this. I opened a Cisco TAC case since there’s no direct way to email the Talos team for support. TAC confirmed they can't help because they don't manage the port...
Hi Anthony, I'm glad you asked this question because we have come across similar activity as well, where we get a Threat Not Quarantined alert for temporary (.tmp) files created by Werfault.exe. Even though we run a full scan and do file fetch, the ....
Hi all, I received a reply from Cisco TAC regarding this detection - a fix has been applied to the backend and should no longer display as a Cloud IOC. Thank you so much for confirming this was due to Windows 11 update!