About stipend

stipend · 05-24-2024

In our Incoming Mail Policies, we have a policy for blocked senders. In that policy, there is a single Sender/Recipient rule which holds all the blocked senders. Is there any way prevent users from adding more rules and limit their access to only edi...

stipend · 07-13-2023

This VMware article says to exclude certain files from real-time scanning. Is that different from scheduled scans?Are the two different? I'm guessing they are since for AMP to work and detect malicious files and processes, it needs to be conducting r...

stipend · 04-05-2023

My ultimate goal is to have some form of CMD line logs sent into Splunk. Due to reasons, Sysmon or any other tool is not possible. We only have AMP logs being sent to Splunk. Currently we only get what CMD line arguments were used if there is a cloud...

stipend · 04-03-2023

We have a "Exfiltration" alarm that triggers between several source hosts and a single target host. For example, I've created a host group A for the source hosts and host group B for the target hosts.How can I stop the "Exfiltration" alarm from trigg...

stipend · 02-22-2023

I'm trying to use this API: https://developer.cisco.com/docs/cloud-security/#!add-destinations-to-destination-listBut I keep getting a "400 Bad Request" response and I cannot figure out why. Below is what I'm trying: {"statusCode": 400,"error": "Bad ...

stipend · 04-19-2023

For Slow Connection Flood consider turning the "when host is source" to "on" for the Inside Hosts default policy. Because you shouldn't see this very much between inside hosts (as discussed in more detail in the documentation for this alarm), you p...

stipend · 04-18-2023

I tried the Relationship Alarm but I found that to be too generic as you said. I instead created a role policy which says to Ignore alarm when A is source and "On+Alarm" when A is target. Its too bad though there is no definitive way to make a policy...

stipend · 04-14-2023

Sorry not sure why I put Exfiltration. The alarm is actually for Slow Connection Flood.Yes both these host groups are in Inside Hosts. They are both inside host groups that communicate with each other and have legitimate traffic. I would like exclud...

stipend · 02-22-2023

Well, thats the thing. I'm not sure what the body is supposed to look like. They gave an example of the request body. I tried mimicking the query parameters to what they show in the schema definition (see screenshot in the original post). I tried mim...

Member Since	‎02-21-2023 07:25 AM
Date Last Visited	‎05-30-2024 01:01 AM
Posts	10
Total Helpful Votes Received	1

User Statistics

User Activity

Anyway to limit the rules/filters users can edit in a policy?

Are real-time scans different from scheduled scans?

Secure Endpoint / AMP : Possible to capture ALL cmd line arguments?

Excluding an alarm between two host groups

Umbrella Cloud Security API - Add Destinations to Destination List

Re: Excluding an alarm between two host groups

Re: Excluding an alarm between two host groups

Re: Excluding an alarm between two host groups

Re: Umbrella Cloud Security API - Add Destinations to Destination List