
AMP For Endpoints: Running IoC Scans

One cool feature included in AMP4E is the capability of running IoC scans.

Once you’ve rolled out the connector to the users’ computers, you just need to upload the IoC files to your AMP4E dashboard and then choose whether to run a scan on a single computer or on all the computers assigned to a particular policy.

Note that AMP4E doesn’t support STIX, and hashes are MD5 instead of SHA256. The file format is XML. In this respect, there is room for improvement. In my opinion, sooner rather than later Cisco will catch up on this, but so far there is no roadmap as far as I know.

You can get IoC files from free repositories like iocbucket or from your favourite threat information source. Cisco provides a few examples here.
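A pre-upload check for the constraints noted above (XML only, no STIX, MD5 rather than SHA256), as an added example that is not part of the original post and not Cisco code. It assumes the files follow the OpenIOC 1.0 layout (`ioc` root, `IndicatorItem` with `Context` and `Content`, search terms such as `FileItem/Md5sum`), which the post does not state; `preflight` and `local` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

def local(tag):  # drop the '{namespace}' prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def preflight(xml_text):
    """Return the reasons this IoC file should not be uploaded (empty = OK)."""
    # Files from public repositories are untrusted: refuse DTDs and entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local(root.tag) == "STIX_Package":
        return ["STIX package, not supported"]
    if local(root.tag) != "ioc":
        return [f"unexpected root element <{local(root.tag)}>"]
    problems = []
    for item in (e for e in root.iter() if local(e.tag) == "IndicatorItem"):
        parts = {local(c.tag): c for c in item}
        if "Context" not in parts or "Content" not in parts:
            problems.append(f"{item.get('id')}: missing Context or Content")
            continue
        search = parts["Context"].get("search", "")
        value = (parts["Content"].text or "").strip()
        term = search.rsplit("/", 1)[-1].lower()
        if term in ("sha1sum", "sha256sum"):
            problems.append(f"{item.get('id')}: {search} is not an MD5 term")
        elif term == "md5sum" and not MD5_RE.fullmatch(value):
            problems.append(f"{item.get('id')}: MD5 value is not 32 hex characters")
    return problems

# Constructed sample: hashes are those of an empty file, ids are made up.
SAMPLE = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="sample-ioc">
  <definition><Indicator operator="OR" id="ind-1">
    <IndicatorItem id="item-md5" condition="is">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
    </IndicatorItem>
    <IndicatorItem id="item-sha256" condition="is">
      <Context document="FileItem" search="FileItem/Sha256sum" type="mir"/>
      <Content type="string">e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</Content>
    </IndicatorItem>
  </Indicator></definition>
</ioc>"""
```

Calling `preflight(SAMPLE)` reports only `item-sha256`; an empty list means the file passed these checks.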

The steps are as follows:

1. Upload the IoC files.
2. Select the specific computer or the computers belonging to a particular policy.
3. Check the scan progress.
4. Review the scan results.

Get more info in Cisco's official documentation here.

