The Office of Cybersecurity is happy to announce that we will be hosting a brownbag training session for Cisco AMP on October 31st. The purpose of the session is to familiarize and train IT admins across campus with the AMP endpoint connector and the AMP administrative console. While we encourage in-person attendance, you will have the option to attend remotely via Webex (timing & Webex details below). Register to attend AMP training (in-person or via Webex) or to receive information on additional training opportunities. In addition to the structured agenda outlined below, there is a significant portion of time set aside for questions – so come prepared to participate!
Date: October 31st
Location: Computer Science Building, Room 3139BC
Meeting Code: 921 803 997
- Brief introduction to AMP connector and how it functions (10 minutes)
- Getting started (5 minutes):
- Requesting AMP console account & endpoint connectors
- Downloading the AMP connector
- Deployment options available through BigFix, SCCM, JAMF, Airwatch, etc.
- Detailed Threat Analysis in the AMP Console (10-15 minutes)
- Viewing and reviewing events
- Drilling down into the details
- Tuning for performance (10-15 minutes)
- Whitelisting files
- Setting up exclusions
- Configuring policy settings and detection engines (15 minutes)
- Tetra/Clam AV traditional AV scanning (and scheduling scans)
- File, Network, Malicious Activity Protection, System Process Protection detection engines
- Enabling/disabling the local GUI
- Maintenance (5-10 minutes)
- Updating AMP via the console
- What happens with imaging/duplicate endpoints?
- Checking endpoint health & known issues
- Answer audience questions regarding AMP (remaining time)
If you have questions that you would like added to the agenda, or questions in general, email email@example.com.
–The Office of Cybersecurity