End point detection

neroblaze
Level 1

I am new to Cisco endpoint and will need some help in creating a rolling 3 months analysis for end point positive detections and also analysis for false positive detection. Any help and directions will be deeply appreciated.

Thanks 

6 Replies

Roman Valenta
Cisco Employee

I'm not sure what you mean by creating <rolling 3 months analysis>, but there is a retention policy in place for AMP where we only keep data available to you for 30 days. Anything older than 30 days is automatically purged. If you are looking for some type of reports, you can set up custom reports or browse through the built-in weekly / monthly reports in your console under the Analysis tab.

Hi Roman, thanks for your response. By creating 3 months I mean getting data from the previous 2 months and comparing them to the recent month. Is there a way I can generate a report for detected threat events from February and March, and then compare them to a report in April? Or does the retention policy not make that possible? Thanks for all the help.

OK, so let me be more specific. You can only browse events under the Event tab, which will give you all the details such as event names, Device Trajectory, File Trajectory, Detection, etc. for 30 days; however, you can get summarized reports by default Weekly / Monthly under the Analysis tab Reports.

Those are available to you and go back for a very long time. In my org, for example, since it was created in 2020, but those reports are a very high overview and basic, so not sure if that's enough for you. It will contain this info in words and a graphical preview.

Example:

Table of Contents
---------------

Connector Status: 444K Files Scanned, 30.7K IPs Scanned
Compromises: 3 New Compromises, 0 Resolved
File Detections: 98 Detections, 47 Quarantines
Network Detections: 0 DFC Detections, 0 Computers Affected, 0 Agentless Global Threat Alerts Events
Threat Root Cause
Low Prevalence Executables: 12 Low Prevalence Executables Analyzed
Vulnerabilities: 2 Vulnerabilities Observed

I have seen the summarized reports that can be generated under the Analysis tab Reports. They are not really helpful, as I am looking for reports for endpoint detections which will allow me to also filter out false positives. I need to get these reports for positive detections and also false positive detections for management. Any ideas are welcome and thanks again.

Pulkit Mittal
Level 1

Since you are new to Cisco Secure Endpoint, I suggest looking at the best practices guides as well.

Secure Endpoint Best Practices Guide - Cisco

Configure and Identify Secure Endpoint Exclusions - Cisco

If you find this useful, please mark it helpful.

Thanks a lot for the information