From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access

Unlock this course with a free trial

Join today to access over 22,700 courses taught by industry experts.

Indication of compromise (IOC)

Indication of compromise (IOC)

From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access

Start my 1-month free trial Buy for my team

Indication of compromise (IOC)

- [Instructor] Indications of compromise or IOC's are simply pieces of data that can help us to identify specific information related to malicious files or behavior in our network or any abnormal behavior. Here, we're going to look at how we can define some key aspects of our end point policies which is how we determine what will be an indicator of compromise for our network. The relevant section we want to examine within Cisco AMP is the outbreak control menu that we see here at the top. This is going to allow us to create lists that will customize AMP for our needs. So first, let's click on that and take a look at the custom detections area at the top. You'll see that we have simple, advanced and Android. Custom detections are similar to creating and adding entries in a black list in order to block items. So let's first click the simple custom detection option to take a look at that. Once this loads, you're going to see that we have some custom detections already in there. Let's…

Contents