Cisco Support Community
New Member

Anyone have a play book on investigation via FPMC?

I was interested in whether anyone had a playbook they could share as it pertains to FirePower Management Center? If there are no playbooks, can anyone share what their steps are as to:

1. What do you personally investigate first? Impact 1? IOC, malware alerts...

2. What does Cisco recommend be investigated first?

3. Cisco documentation on recommended steps for analysis?

 

 

3 REPLIES
New Member

Re: Anyone have a play book on investigation via FPMC?

Hello,

I didn't find any useful documentation. I can advise looking in other books, but in general I would say:

Impact 1 and Impact 2 events not blocked

New Member

Re: Anyone have a play book on investigation via FPMC?

What would stop an impact 1 or 2 event from being blocked? A Signature set to alert only?

New Member

Re: Anyone have a play book on investigation via FPMC?

Each signature can be set to the Drop/Generate events/Disable state; it depends on how you configure it.
