
File Trajectory and history

Hello everyone,

Does anyone know if SmartEvent is able to show the file history and trajectory of a file across an enterprise?

An example would be a file that was first seen 1 month ago in several gateways and/or endpoints, indicating attack vectors (SMTP, FTP, HTTP, etc.) and properties of said file (size, hash, filename and extension, etc.).

Then later, if the file is flagged as malicious and seen again on a gateway or endpoint, one could go to a SmartEvent report or view, search for a file by MD5 or filename and confirm which endpoints received that file and what the attack vector was.

Many thanks for your tips.

Best regards,

Pedro Madeira

2 Replies
Admin

Re: File Trajectory and history

This is actually part of what SandBlast Agent Forensics provides.

You can see in the reports exactly how an Endpoint got infected (where the file came from, how it propagated through the system, etc).

I assume without this you could search the logs for a given file/hash.

Re: File Trajectory and history

Hi Dameon,

Yes, I know that part of those capabilities are part of the SandBlast Agent Forensics.

However, I was looking for some of these reporting capabilities on the gateway side, since this is probably being offered by Cisco competition on their AMP solution and the project doesn't involve an endpoint protection solution.

Thanks anyway for taking the time to reply to me.

PM
