View Malware Events
The Advanced Malware Protection (AMP) events dashlet displays the counts of malicious, unknown, and clean files identified by AMP over a selected period. AMP blocks malware based on file reputation and uploads unknown files to Cisco AMP Threat Grid for further analysis.
The Top Intrusion & Malware Events dashlet on the Security Cloud Control dashboard is mapped to the Intrusion Prevention and Advanced Malware Protection dashlets on the Monitor page of Catalyst SD-WAN Manager on the Security tab.
Procedure
Step 1 | In the Security Cloud Control platform menu, click Dashboard. |
Step 2 | Navigate to the Top Intrusion & Malware Events dashlet. |
Step 3 | Click SDWAN under Data Sources. |
Step 4 | Click the Malware Events tab. |
Step 5 | Select Blocked from the dropdown on the right of the dashlet; by default, Allowed is selected. |
Step 6 | Click the event you want to view on the Catalyst SD-WAN Manager. A cross-launch window of the Catalyst SD-WAN Manager Monitor page opens. |
Step 7 | Navigate to the Advanced Malware Protection dashlet to view the event. |