Right-click a URL or select text to search on Cisco AMP/TG (including Threat Response) and Umbrella. Requires respective portal accounts.
- Fixed Investigate in Cisco Threat Response to use the respective regional AMP cloud configured in extension options settings.
- Rebranded AMP Visibility to Cisco Threat Response.
- Cisco Threat Response should be the primary search interface, so it was moved to the top
- Updated selected text search to Cisco Threat Response with better input validation/sanitization
- Additional selected text input parsing to automatically change hxxp(s) to http(s) for directly pivoting from Talos Blog posts
- Additional selected text input parsing to automatically change IP Addresses and domains from w[.]x[.]y[.]z to w.x.y.z for directly pivoting from Talos Blog posts.
- Added support for AMP APJC Cloud in options menu
- Updated search to Cisco AMP Visibility to include any selected text string
- Updated search to Sourcefire AMP to reflect branding change to Cisco AMP
- Updated OpenDNS/ODNS to reflect branding change to Cisco Umbrella
- Also updated Investigate lookups to investigate.umbrella.com
- Added an extension Options page that allows:
  - selection of AMP US or EU Clouds
    Direct EU Console search will soon be deprecated in favor of options
  - definition of an AMP Private Cloud server to extend search into
    Supports FQDN (e.g. private-amp.example.com) or IP Address
- Added hash search into OpenDNS Investigate
- Added Context Based search to search back within Cisco AMP for Endpoints console for selected text by Hash, filename, device name, URL or IP Address.
- Added OpenDNS Investigate search options
Context Menu enabled Threat Intelligence search of selected text
URL - Searches Cisco AMP Threat Grid for any known threat intelligence associated with the URL
URL - Searches Cisco OpenDNS for any known threat intelligence associated with the FQDN in the URL
IP/Domain - Searches Cisco AMP Threat Grid and OpenDNS Investigate for any known threat intelligence
MD5/SHA Hash - Searches Cisco AMP Threat Grid for any known threat intelligence associated with the file. Does not search OpenDNS since hashes are not indexed there.
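
The selected-text handling described in the changelog (hxxp(s) to http(s), w[.]x[.]y[.]z to w.x.y.z, then a search by URL, IP/domain or hash) can be sketched as follows. This is an added example, not the extension's source code: the function names and the type/q query parameters are hypothetical, and the sample inputs in the comments are constructed.

```javascript
// Added illustration; refang, classify and buildQuery are hypothetical names.
const HASH_LENGTHS = { 32: "md5", 40: "sha1", 64: "sha256" };

// Undo the defanging used in threat-intel write-ups.
function refang(selection) {
  return selection
    .trim()
    .replace(/^hxxp(s?):\/\//i, "http$1://") // hxxp:// -> http://, hxxps:// -> https://
    .replace(/\[\.\]/g, ".");                // 192[.]0[.]2[.]10 -> 192.0.2.10
}

function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

function isDomain(s) {
  return s.length <= 253 &&
    /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i.test(s);
}

// Decide which kind of lookup the selected text calls for.
function classify(selection) {
  const value = refang(selection);
  if (/^[0-9a-f]+$/i.test(value) && HASH_LENGTHS[value.length]) {
    return { type: HASH_LENGTHS[value.length], value: value.toLowerCase() };
  }
  if (isIPv4(value)) return { type: "ip", value };
  if (isDomain(value)) return { type: "domain", value: value.toLowerCase() };
  if (/^https?:\/\//i.test(value)) {
    try {
      const url = new URL(value); // rejects malformed URLs
      return { type: "url", value: url.href, host: url.hostname };
    } catch { /* not a valid URL: treat as plain text below */ }
  }
  return { type: "text", value };
}

// Encode the value so selected text cannot add or alter query parameters.
function buildQuery(selection) {
  const { type, value } = classify(selection);
  return `type=${type}&q=${encodeURIComponent(value)}`;
}
```

The host field returned for a URL is the part a domain-only lookup would use, matching the note above that the FQDN in the URL is what gets searched in OpenDNS.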