About johnosn

johnosn · 12-27-2021

Are there any recommendations on which queries from the Orbital catalog should be executed on a recurring basis to populate data into the Threat Response Private Intelligence remote data store and the frequency for which they should be run?Also, is t...

johnosn · 09-09-2022

An alternative to this would be to use the SecureX Orchestration workflow to remove inactive endpoints.0056-remove-inactive-endpoints

johnosn · 05-24-2022

Hey @Ken Stieers bug CSCvq59864 is not for the Google Chrome issue that occurred on 5/21/22. That bug has already been fixed. As far as I am aware the root cause analysis is under way, but a bug has not yet been entered for the false positive if one ...

johnosn · 05-20-2022

Hello @sv7 Are you by change referring to the Check Point Anti-bot software blade?If so, then there are two items that you would want to investigate. The first is Cisco Secure Endpoint "Device Flow Correlation". The best place to get a quick summary ...

johnosn · 05-20-2022

Here is the current list of Orbital queries that Device Insights uses for reference.-- users SELECT username AS localUsername FROM users WHERE type == "local"; -- logged_in_users SELECT user AS loggedInUser FROM logged_in_users WHERE user != "";...

johnosn · 05-20-2022

Hello @ggadaleta I do have Device Insights enabled with the sources from Cisco Secure Endpoint and Cisco Orbital enabled. What I am seeing is that the Associated User field is populated from the deduplicated results of the following two Orbital queri...

Member Since	‎10-24-2017 10:22 AM
Date Last Visited	‎08-30-2023 12:33 AM
Posts	25
Total Helpful Votes Received	78

User Statistics

User Activity

Orbital queries for Threat Response Private Intelligence

Re: Secure Endpoint Advantage API v3 how to remove old computers

Re: Bug Listing for AMP

Re: Does Cisco amp supports Antibot

Re: Security Endpoint associated user to computers

Re: Security Endpoint associated user to computers