About RalphNelson

RalphNelson · 12-06-2023

Hello everyone, does anyone have any idea how I can see exactly which processes have been killed? In Secure Endpoint I can only find the file observables but no command line. How would you continue your research here? Thanks in advance.

RalphNelson · 02-01-2023

Hello,I would like to test the "automated actions" in which the computer is isolated at a "critical severity". What are the basic ways to test this? As an example I would like to test this IOC: JS.Trojan.Generic_48153.ioc "This IOC fires when a URI p...

RalphNelson · 01-23-2024

Check the wscript.exe alert event details! (Detected as w32.4173FC5A68.infostealer-psexec.talos.sso) See Annoucements Sections (Secure Endpoint) False Positive Detections Important Issue Cisco is aware of the false positive detection(s) related to ...

RalphNelson · 11-24-2023

It looks the same here. We receive 5-10 alerts per day on this topic. Is there any news from Cisco or has someone already opened a new TAC?

Member Since	‎02-01-2023 03:29 AM
Date Last Visited	‎01-31-2024 12:26 AM
Posts	4
Total Helpful Votes Received	1

User Statistics

User Activity

Endpoint Security Process Killed

Secure Endpoint - Outbreak Control - Automated Actions - Isolate Test

Re: Multiple false positive events for wscript.exe

Re: Powershell Command in Registry Data