Cisco Secure Endpoint Alert

This rule is part of a beta feature. To learn more, contact Support.

Classification:

attack

Tactic:

Technique:

Set up the cisco-secure-endpoint integration.

Goal

Detect alerts generated by Cisco Secure Endpoint.

This rule monitors alerts logs generated by Cisco Secure Endpoint.

Analyse the {{@event.severity}} severity event on hostname {{@event.computer.hostname}}.
Investigate specific alert details and context to determine the threat impact.
Take necessary and appropriate actions based on company procedures.