SEC0390 - Firepower 7.0 Event Correlation and Remediation (Part 2)
Category:
Security
The video demonstrates how to correlate system events and generate appropriate remediation responses on Cisco Firepower 7.0. We will go through three sample scenarios: the first with basic event matching and response, the second with connection tracking, and the third using a malware event. The responses that will be configured are NMAP scan, ISE ANC, and SGT assignment.
Part 2 of this video covers the second scenario: using ISE ANC to quarantine a user who transfers a file larger than 1 MB via FTP.
Topic:
- Correlation Policy and Rules
- Correlation Rule Event Conditions
- Connection Tracking
- Remediation Response and Response Group
- Remediation with NMAP Scan, ISE ANC, and SGT
- ISE Integration