Is there a way to create a device profiling condition/policy based on data arriving from PassiveID? For example, a Passive Authentication record arrives over WMI; if the endpoint is in a subnet range, activate an NMAP OS scan? Thanks!
Recently updated FMC to 6.2.0.1. Estreamer client now only sends 5 or so events and then the estreamer client fails, both on Splunk and host-based client testing. Also, the server does not seem to respond to changes in the event type delivery opti...
I am trying to find a way to integrate Splunk and the FireSight Database using the Database access API. Currently, we are using eStreamer for low volume events and syslog alerting for high volume events, such as connection events (as eStreamer choke...
Is there a way with either a Simple or Advanced Custom detection to stop a browser extension install or to remove/detect an existing one? Can you configure an IOC scan to Quarantine a file?
We are having an issue with IP Black/White list. We've developed a containment policy which whitelists several necessary addresses (e.g. AMP addresses and DNS services), and configured the blacklist to the rest of the network's private IP address sp...
After a reboot of the FMC, the reference client (latest supported version, have tested encore) grabs events correctly; however, the eStreamer Splunk app client still fails after 5 or so events, and only discovery events.
This is great news!
Is there any way I can get on the beta release schedule for the App? This is a pressing issue for us. I can reach out to my account team, if that helps.
Essentially, I have to find a way to write a clam AV signature myself, either with HEX signature for the extension ID string or a sha256 of the extension HTML files. No response on why there is not an AMP record of the file IO event when the extensi...