Cisco Configuration (Carbanak+FIN7 Evaluation)
Product Versions
Cisco Secure Endpoint (AMP for Endpoints) Premier with the following connector versions:
Detection/Protection Scope | Product | Configuration
---|---|---
Domain Controller (Windows Server 2019) | Cisco Secure Endpoint (AMP for Endpoints) Windows Connector 7.3.9 | Detection Test Policy; Protection Test Policy
User Systems (Windows 10) | Cisco Secure Endpoint (AMP for Endpoints) Windows Connector 7.3.9 | Detection Test Policy; Protection Test Policy
File Server (CentOS 7.7) | Cisco Secure Endpoint (AMP for Endpoints) Linux Connector 1.13.2 | Detection Test Policy; Protection Test Policy
Product Description
Cisco® Secure Endpoint (AMP for Endpoints) integrates prevention, detection, threat hunting and response capabilities in a single solution, leveraging the power of cloud-based analytics. Secure Endpoint will protect your Windows, Mac, Linux, Android, and iOS devices through a public or private cloud deployment.
Included with Cisco Secure Endpoint (AMP for Endpoints), SecureX is a cloud-native, built-in platform that connects the Cisco Secure portfolio with your infrastructure. SecureX is integrated and open for simplicity, unified in one location for visibility, and uses automated workflows to reduce threat dwell time and manual effort, helping teams stay compliant and counter attacks.
To further enhance threat context and streamline investigation and response, Cisco maps extensively, where applicable, to the tactics, techniques and procedures defined in MITRE ATT&CK. Examples include:
- Detection Event Descriptions
- Catalog of Cisco-curated Advanced Searches for Indicators of Compromise/Attack
- Dynamic File Analysis Behavior Indicators
Product Configuration
The Exploit Prevention engine was disabled during the FIN7 Detection Test.
Windows User Systems and Domain Controller
Detection Test Policy | Protection Test Policy
---|---
Product’s default Audit policy settings from First Use Wizard: | Product’s default Protect policy settings from First Use Wizard:
With the following modifications from default Outbreak Control: | With the following modifications from default Outbreak Control:
Linux File Server
Detection Test Policy | Protection Test Policy
---|---
Product’s default Audit policy settings from First Use Wizard: Files: Audit; Network: Audit; ClamAV: Enabled | Product’s default Protect policy settings from First Use Wizard: Files: Quarantine; Network: Audit; ClamAV: Enabled
With the following modifications from default Outbreak Control: | With the following modifications from default Outbreak Control: