Configuring Application Behavior Investigation
The application behavior investigation process begins with configuration tasks on the central CSA MC system. This portion of the process defines the application or process you want to watch. This application may be a known application you are now developing policies to control or an unknown process discovered through application deployment investigation (which you learned about in Chapter 10, “Application Deployment Investigation”), antivirus reporting, or other means. Regardless of how the process was discovered, as a security practitioner, it is imperative that you fully understand in detail the applications that interact with your systems and resources.
When configuring a behavior analysis job, ...
Get Cisco Security Agent now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
