University of Wisconsin–Madison
Cisco logo

Get training for Cisco AMP on Oct 31

The Office of Cybersecurity is happy to announce that we will be hosting a brownbag training session for Cisco AMP on October 31st. The purpose of the session is to familiarize and train IT admins across campus with the AMP endpoint connector and the AMP administrative console. While we encourage in-person attendance, you will have the option to attend remotely via Webex (timing & Webex details below). Register to attend AMP training (in-person or via Webex) or to receive information on additional training opportunities. In addition to the structured agenda outlined below, there is a significant portion of time set aside for questions – so come prepared to participate!

Date: October 31st
Time: 11:30am-1:00pm
Location: Computer Science Building, Room 3139BC

Join the brownbag via Webex

Meeting Code: 921 803 997
Password: Wp7bf2Xm

Brownbag Agenda:

  1. Brief introduction to AMP connector and how it functions (10 minutes)
  2. Getting started (5 minutes):
    1. Requesting AMP console account & endpoint connectors
    2. Downloading the AMP connector
    3. Deployment options available through BigFix, SCCM, JAMF, Airwatch, etc.
  3. Detailed Threat Analysis in the AMP Console (10-15 minutes)
    1. Viewing and reviewing events
    2. Drilling down into the details
  4. Tuning for performance (10-15 minutes)
    1. Whitelisting files
    2. Setting up exclusions
  5. Configuring policy settings and detection engines (15 minutes)
    1. Tetra/Clam AV traditional AV scanning (and scheduling scans)
    2. File, Network, Malicious Activity Protection, System Process Protection detection engines
    3. Enabling/disabling the local GUI
  6. Maintenance (5-10 minutes)
    1. Updating AMP via the console
    2. What happens with imaging/duplicate endpoints?
    3. Checking endpoint health & known issues
  7. Answer audience questions regarding AMP (remaining time)

Contact Information:
If you have questions that you would like added to the agenda, or questions in general, email oakes.dobson@wisc.edu.

–The Office of Cybersecurity