We already have an issue with 8.1.7 on 50+ Windows 10 machines. Had to roll back to 8.1.5. Black screens, unable to boot, cscript.exe error loading application popup, and a bunch of other weird issues. We had no free time to work with TAC to troubleshoot...
Hi, I usually look at the Connection > Events Log on FMC to see which traffic hit which ACL. You can also use Packet Tracer on FMC to determine which traffic is allowed or blocked. Thanks, Lam Nguyen
Just for this, Cisco AMP already lost the battle to Symantec Endpoint Protection (SEP). SEP can detect and block port scanning very well. We are deciding whether to get rid of AMP and keep SEP, or the other way around.
For CTR, I think it's enabling Cisco Cloud, but you need to register an account. I'm still a newbie with CTR. https://visibility.amp.cisco.com/ is the link to CTR, and remember to add the Firepower module.
I'm having the same question and I'm looking for any open-source SIEM or external logging for the FMC, since logs get rotated too fast. Looking into the ELK stack but having issues setting it up.