Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
babiojd01
babiojd01
Community Member
‎08-21-2017 08:53 PM
‎08-21-2017 08:53 PM

Anyone have a play book on investigation via FPMC?

I was interested in if anyone had a playbook they could share as it pertains to FirePower Managment center? If no playbooks can anyone share what their steps are as to:

1. What you personally investigate first? Impact 1?, IOC, Malware alerts...

2. What Cisco Recommends whats investigated first?

3. Cisco documentation on recommended steps for analysis?

 

 

0 Helpful
Reply
3 REPLIES
riccardosl
riccardosl
Community Member
‎01-12-2018 06:59 AM
‎01-12-2018 06:59 AM

Re: Anyone have a play book on investigation via FPMC?

Hello,

I didn't found any useful documentation, I can advice to look in other books but in general I would say

Impact 1 and Impact 2 events not blocked

0 Helpful
Reply
babiojd01
babiojd01
Community Member
‎01-12-2018 07:02 AM
‎01-12-2018 07:02 AM

Re: Anyone have a play book on investigation via FPMC?

What would stop an impact 1 or 2 event from being blocked? A Signature set to alert only?

0 Helpful
Reply
Highlighted
riccardosl
riccardosl
Community Member
‎01-12-2018 07:07 AM
‎01-12-2018 07:07 AM

Re: Anyone have a play book on investigation via FPMC?

Each signature can be set in Drop/Generate events/Disable state , depends how you configure it

0 Helpful
Reply
Latest Documents
How to generate FXOS troubleshoot file on 2100/4100/9300-series Firepower NGFW appliances
Created by cohadley on 04-11-2018 02:00 PM
0
5
0
5
Introduction This document describes how to generate an FXOS troubleshoot file for 2100/4100/9300-series devices Components Used The information in this document is based on these software and hardware versions: Cisco Firepower 9300 Security Appliance r... view more
FTD URL Filtering - How it works?
Created by Mohammed al Baqari on 03-12-2018 11:37 PM
1
45
1
45
FP URL filtering capability can classify the URLs based on: Categories (classification) Reputation (risk level) This varies from High Risk (level 1) to Well Known (level 5) Category + Reputation Manual URLs If you select a reputation level to allow,... view more
Self-Paced Learning for Cisco Firepower NGFW, NGIPS, AMP (with Detail Step-by-Step Screenshots)
Created by Nazmul Rajib on 01-05-2018 04:38 PM
2
80
2
80
Cisco Press has published a step-by-step visual guide to configuring and troubleshooting of the Cisco Firepower Threat Defense (FTD). Each consistently organized chapter on this book contains definitions of keywords, operational flowcharts, architectural ... view more
All Documents
427
Views
0
Helpful
3
Replies
CreatePlease to create content
Discussion
Blog
Document
Video