From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access
Indication of compromise (IOC)
- [Instructor] Indications of compromise, or IOCs, are simply pieces of data that can help us to identify specific information related to malicious files or behavior in our network, or any abnormal behavior. Here, we're going to look at how we can define some key aspects of our endpoint policies, which is how we determine what will be an indicator of compromise for our network. The relevant section we want to examine within Cisco AMP is the Outbreak Control menu that we see here at the top. This is going to allow us to create lists that will customize AMP for our needs. So first, let's click on that and take a look at the Custom Detections area at the top. You'll see that we have Simple, Advanced, and Android. Custom detections are similar to creating and adding entries in a blacklist in order to block items. So let's first click the Simple Custom Detection option to take a look at that. Once this loads, you're going to see that we have some custom detections already in there. Let's…