Cisco Secure Endpoint Alert

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detect alerts generated by Cisco Secure Endpoint.

Strategy

This rule monitors alert logs generated by Cisco Secure Endpoint and fires on each alert event it receives.

Triage and response

  1. Analyse the {{@event.severity}} severity event on hostname {{@event.computer.hostname}}.
  2. Investigate specific alert details and context to determine the threat impact.
  3. Take necessary and appropriate actions based on company procedures.
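To make the first triage step concrete, here is an added example (not Datadog's or Cisco's code) that renders the rule's triage line from the @event.severity and @event.computer.hostname fields and builds a worst-first triage queue per host from a constructed batch of alerts. The event layout and severity labels are assumptions, not the real product schema.

```python
# Added example (not Datadog's or Cisco's code): triage a constructed batch of
# Cisco Secure Endpoint alert events using the rule's @event.severity and
# @event.computer.hostname fields. The event layout and severity names below
# are assumptions, not the real product schema.
from collections import defaultdict

# Severity ranking used to order the triage queue (assumed labels).
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample events in the shape the rule's template references.
SAMPLE_EVENTS = [
    {"event": {"severity": "high", "computer": {"hostname": "ws-042"},
               "detection": "Malicious file detected"}},
    {"event": {"severity": "low", "computer": {"hostname": "ws-042"},
               "detection": "Scan completed"}},
    {"event": {"severity": "critical", "computer": {"hostname": "srv-db-01"},
               "detection": "Exploit prevented"}},
    {"event": {"severity": "medium", "computer": {}}},  # hostname missing
]

def triage_message(evt):
    """Render the rule's first triage step for one event, tolerating gaps."""
    e = evt.get("event", {})
    sev = str(e.get("severity", "unknown")).lower()
    host = e.get("computer", {}).get("hostname") or "<unknown host>"
    return f"Analyse the {sev} severity event on hostname {host}."

def build_triage_queue(events):
    """Group alerts per host, keep each host's worst severity, sort worst-first.
    Returns a list of (hostname, worst_severity, alert_count) tuples."""
    per_host = defaultdict(list)
    for evt in events:
        e = evt.get("event", {})
        host = e.get("computer", {}).get("hostname") or "<unknown host>"
        per_host[host].append(str(e.get("severity", "unknown")).lower())
    queue = []
    for host, sevs in per_host.items():
        worst = max(sevs, key=lambda s: SEVERITY_RANK.get(s, 0))
        queue.append((host, worst, len(sevs)))
    # Highest severity first; hostname breaks ties so output is deterministic.
    queue.sort(key=lambda t: (-SEVERITY_RANK.get(t[1], 0), t[0]))
    return queue

if __name__ == "__main__":
    for host, worst, n in build_triage_queue(SAMPLE_EVENTS):
        print(f"{host}: {n} alert(s), worst severity {worst}")
    print(triage_message(SAMPLE_EVENTS[0]))
```

Alerts with a missing hostname are kept under a placeholder rather than dropped, so a malformed event still reaches the analyst.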