The Office of Cybersecurity will be hosting a lunch and learn training session for Cisco AMP on October 31st. The purpose of the session is to familiarize and train IT admins across campus with the AMP endpoint connector and the AMP administrative console. While we encourage in-person attendance, you will have the option to attend remotely via Webex (details below). In addition to the structured agenda outlined below, there is a significant portion of time set aside for questions – so come prepared to participate!
Cicso AMP Brownbag
Computer Science Building, Room 3139BC
Meeting Code: 921 803 997
- Brief introduction to AMP connector and how it functions (10 minutes)
- Getting started (5 minutes):
- Requesting AMP console account & endpoint connectors
- Downloading the AMP connector
- Deployment options available through BigFix, SCCM, JAMF, Airwatch, etc.
- Detailed Threat Analysis in the AMP Console (10-15 minutes)
- Viewing and reviewing events
- Drilling down into the details
- Tuning for performance (10-15 minutes)
- Whitelisting files
- Setting up exclusions
- Configuring policy settings and detection engines (15 minutes)
- Tetra/Clam AV traditional AV scanning (and scheduling scans)
- File, Network, Malicious Activity Protection, System Process Protection detection engines
- Enabling/disabling the local GUI
- Maintenance (5-10 minutes)
- Updating AMP via the console
- What happens with imaging/duplicate endpoints?
- Checking endpoint health & known issues
- Answer audience questions regarding AMP (remaining time)
If you have questions that you would like added to the agenda, or questions in general, email firstname.lastname@example.org.
-The Office of Cybersecurity