Using Application Behavior Investigation on the Remote Agent
The application behavior investigation process on the remote agent is a nonintrusive mechanism. The agent continues to function normally while all normal agent interaction occurs. The only difference is that while an investigation is running on the selected agent, all interaction regarding the application being monitored is logged for further reporting and investigation at the central management console after the job is concluded.
The sample investigative process for this scenario watched winword.exe. During the time the job was running on the selected agent system, the application was fully tested by an individual and has all the desired functions, including reading and writing files ...
Get Cisco Security Agent now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
