Are there any recommendations on which queries from the Orbital catalog should be executed on a recurring basis to populate data into the Threat Response Private Intelligence remote data store and the frequency for which they should be run? Also, is t...
Hey @Ken Stieers bug CSCvq59864 is not for the Google Chrome issue that occurred on 5/21/22. That bug has already been fixed. As far as I am aware the root cause analysis is under way, but a bug has not yet been entered for the false positive if one ...
Hello @sv7 Are you by chance referring to the Check Point Anti-bot software blade? If so, then there are two items that you would want to investigate. The first is Cisco Secure Endpoint "Device Flow Correlation". The best place to get a quick summary ...
Here is the current list of Orbital queries that Device Insights uses for reference.
-- users
SELECT username AS localUsername
FROM users
WHERE type == "local";
-- logged_in_users
SELECT user AS loggedInUser
FROM logged_in_users
WHERE user != "";...
Hello @ggadaleta I do have Device Insights enabled with the sources from Cisco Secure Endpoint and Cisco Orbital enabled. What I am seeing is that the Associated User field is populated from the deduplicated results of the following two Orbital queri...