Hi there, I'm submitting this question here because I don't see another way to get a hold of the Talos Intelligence Team. Lately, we've been receiving Firepower Security Intelligence Alerts for Cloudflare IP addresses flagged as malicious. Of course,...
Hi all, I was wondering if anyone knew of a good way to preserve the device trajectory events on a computer, so that it's not lost after 30 days. I know the Forensic Snapshot can be helpful, but how do I save all of the device trajectory events or ev...
Hi guys, I'm looking for any documentation that exists on how to search and filter for events in the Cisco Meraki Security Center. So for example, there are different fields that we can select but what do those fields mean and what will be returned? ...
Hello, I’ve attempted to email Talos Intelligence through the Support Ticket portal and also opened a Cisco TAC Case, but our Talos Intelligence reputation tickets have been stuck in a "processing" state for over a week. I haven’t received a response...
Hi there, we have recently been receiving alerts related to the following IPS rule on Cisco Meraki. It seems that this is generating a false positive whenever a user is accessing the Print Server. The vendor confirmed it is up to date with the latest...
Thank you, but it doesn't quite have what I'm looking for. I'm looking for the difference in these searches and what they mean. What does searching by Client, URI, Remote_IP, etc mean? Let's say I'm searching for Source IP 10.0.0.1 and Destination IP...
Thanks, Austin! I appreciate the confirmation—thought we were the only ones dealing with this. I opened a Cisco TAC case since there’s no direct way to email the Talos team for support. TAC confirmed they can't help because they don't manage the port...
Hi Anthony, I'm glad you asked this question because we have come across similar activity as well, where we get a Threat Not Quarantined alert for temporary (.tmp) files created by Werfault.exe. Even though we run a full scan and do file fetch, the...
Hi all, I received a reply from Cisco TAC regarding this detection - a fix has been applied to the backend and should no longer display as a Cloud IOC. Thank you so much for confirming this was due to Windows 11 update!
Thank you, I've opened a Cisco TAC case and provided the debugging logs. I just want to know if this has been seen before and if it's expected behavior for Windows 11. If so, I'm hoping that the Cloud IOC can be fine tuned.