Right click URL or select test to search on Cisco AMP/TG (including Threat Response) and Umbrella. Requires respective portal accts
This chrome extension is now obsolete with the release of Cisco SecureX platform. Cisco SecureX platform connects the breadth of Cisco's integrated security portfolio and infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across network, endpoint, cloud, and applications. Check out the additional capabilities that the SecureX Ribbon and Casebook app can provide:
- Fixed Investigate in Cisco Threat Response to use the respective regional AMP cloud configured in extension options settings.
- Rebranded AMP Visibility to Cisco Threat Response.
- Cisco Threat Response should be the primary search interface... Moved it to top
- Updated selected text search to Cisco Threat Response with better input validation/sanitization
- Additional selected text input parsing to automatically change hxxp(s) to http(s) for directly pivoting from Talos Blog posts
- Additional selected text input parsing to automatically change IP Addresses and domains from w[.]x[.]y[.]z to w.x.y.z for directly pivoting from Talos Blog posts.
- Added support for AMP APJC Cloud in options menu
- Updated search to include strings any selected text to Cisco AMP Visibility
- Updated search to Sourcefire AMP to reflect branding change to Cisco AMP
- Updated Opendns/ODNS to reflect branding change to Cisco Umbrella
- Also updated Investigate lookups to investigate.umbrella.com
- Added an extension Options page that allows:
o selection of AMP US or EU Clouds
Direct EU Console search will soon be deprecated in favor of options
o definition of an AMP Private Cloud server to extend search into
Supports FQDN (e.g. private-amp.example.com) or IP Address
- Added hash search into OpenDNS Investigate
- Added Context Based search to search back within Cisco AMP for Endpoints console for selected text by Hash, filename, device name, URL or IP Address.
- Added OpenDNS Investigate search options
Context Menu enabled Threat Intelligence search of selected text
URL - Searches Cisco AMP Threat Grid for any known threat intelligence associated to the URL
URL - Searches Cisco OpenDNS for any known threat intelligence associated to the FQDN in URL
IP/Domain - Searches Cisco AMP Threat Grid and OpenDNS Investigate for any known threat intelligence
MD5/SHA Hash - Searches Cisco AMP Threat Grid for any known threat intelligence associated to the file. Does not search OpenDNS since hashes are not indexed there.