Cloud_Recall_Quarantine_Attempt_Failed_Cisco AMP_General

Alert

Cloud Recall Quarantine Attempt Failed (Cloud Recall Quarantine Attempt Failed)

SK4 unified event:
Connector/Service

Cisco AMP/General

SK4 Version:

2.3.105

Created Date:

Tue Jan 22 2019 12:44:39 GMT+0000 (Coordinated Universal Time)

Last Update:

Tue Jun 18 2019 11:12:10 GMT+0000 (Coordinated Universal Time)

Category

Security Alert

Description

A security alert has been detected: an attempt to quarantine has failed. Check the cn2 CEF value to trace the failed quarantine attempts; the search query below matches events with cn2="0".

Search query

cef_vendor="skyformation" cef_name="security-threat-detected" destinationServiceName="Cisco AMP" fileType="file" act="detect" outcome="quarantine" cn2="0"


Audit sources