Cisco Secure Endpoint malicious activity detected in system scan
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
This rule is designed to identify and flag instances of potential malicious activity detected during system scans conducted by Cisco Secure Endpoint.
Strategy
This rule monitors and reports the presence of a positive number of malicious detections identified during comprehensive system scans executed by Cisco Secure Endpoint.
Triage and response
- Investigate the system scan by hostname:
{{@event.computer.hostname}}. - Investigate more about the system scan by scan description (
{{@event.scan.description}}) and number of malicious detections ({{@event.scan.malicious_detections}}). - Initiate containment measures to isolate affected systems or endpoints from the network if confirmed as a security threat.
- Execute remediation actions, such as deploying security patches, updating antivirus definitions, or performing system scans to remove any detected malware.
- Take necessary and appropriate actions based on the company procedures.
