Hi,
running command
/opt/cisco/amp/bin/ampcli exclusions
will list those
or have a look directly at exclusions section in policy.xml in
/opt/cisco/amp/etc/policy.xml
best regards,
S.
Hi Natolin, when using subscription to specific event types in AMP console. That event type must be triggered. Though you may have tested with wanna cry, the detection may have come across our system as flagged via a simple threat detection on one ...
The bug was manifesting when the local.xml was corrupted and affecting updates of connectors. But it is now fixed for all versions that you can download from portal. However as always we encourage to use latest connector which is for now 5.0.7.
Hi Ryan,
Sorry for the inconvenience but those errors are safe to ignore. The log files itself will be limited at 50MB and we will keep up to ten of those files. Logging itself was introduced due to new features that were enabled in 5.0.x version and...
Hi Ryan,
those error messages are 'normal' happening when amp connector cannot reach the AMP cloud to perform lookup queries.
Regarding the slowness on WIN10 I would suggest you to upgrade to latest available version 5.0.5 and if the situation doesn'...
