Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
0
Helpful
3
Replies

Anyone have a play book on investigation via FPMC?

babiojd01
Level 1
Level 1

‎08-21-2017 08:53 PM - edited ‎02-21-2020 06:13 AM

I was interested in if anyone had a playbook they could share as it pertains to FirePower Managment center? If no playbooks can anyone share what their steps are as to:

1. What you personally investigate first? Impact 1?, IOC, Malware alerts...

2. What Cisco Recommends whats investigated first?

3. Cisco documentation on recommended steps for analysis?

 

 

Labels:
0 Helpful
3 Replies 3

rick11
Level 1
Level 1

‎01-12-2018 06:59 AM

Hello,

I didn't found any useful documentation, I can advice to look in other books but in general I would say

Impact 1 and Impact 2 events not blocked

0 Helpful

babiojd01
Level 1
Level 1
In response to rick11

‎01-12-2018 07:02 AM

What would stop an impact 1 or 2 event from being blocked? A Signature set to alert only?

0 Helpful

rick11
Level 1
Level 1
In response to babiojd01

‎01-12-2018 07:07 AM

Each signature can be set in Drop/Generate events/Disable state , depends how you configure it

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card