Cisco AMP/TG/Umbrella/CTR Intelligence Search

Description from extension meta

Right-click a URL or select text to search on Cisco AMP/TG (including Threat Response) and Umbrella. Requires respective portal accounts.

Description from store

V0.0.14
  • Fixed Investigate in Cisco Threat Response to use the respective regional AMP cloud configured in extension options settings.

V0.0.13
  • Rebranded AMP Visibility to Cisco Threat Response.
  • Cisco Threat Response should be the primary search interface... Moved it to top
  • Updated selected text search to Cisco Threat Response with better input validation/sanitization
  • Additional selected text input parsing to automatically change hxxp(s) to http(s) for directly pivoting from Talos Blog posts
  • Additional selected text input parsing to automatically change IP Addresses and domains from w[.]x[.]y[.]z to w.x.y.z for directly pivoting from Talos Blog posts.
  • Added support for AMP APJC Cloud in options menu

V0.0.12
  • Updated search to include strings any selected text to Cisco AMP Visibility

V0.0.11
  • Updated search to Sourcefire AMP to reflect branding change to Cisco AMP

V0.0.10
  • Updated Opendns/ODNS to reflect branding change to Cisco Umbrella
  • Also updated Investigate lookups to investigate.umbrella.com

v0.0.9
  • Added an extension Options page that allows:
      o selection of AMP US or EU Clouds
        Direct EU Console search will soon be deprecated in favor of options
      o definition of an AMP Private Cloud server to extend search into
        Supports FQDN (e.g. private-amp.example.com) or IP Address

V0.0.8
  • Added hash search into OpenDNS Investigate

V0.0.7
  • Added Context Based search to search back within Cisco AMP for Endpoints console for selected text by Hash, filename, device name, URL or IP Address.

v0.0.6
  • Added OpenDNS Investigate search options

Context Menu enabled Threat Intelligence search of selected text

  • URL - Searches Cisco AMP Threat Grid for any known threat intelligence associated to the URL
  • URL - Searches Cisco OpenDNS for any known threat intelligence associated to the FQDN in URL
  • IP/Domain - Searches Cisco AMP Threat Grid and OpenDNS Investigate for any known threat intelligence
  • MD5/SHA Hash - Searches Cisco AMP Threat Grid for any known threat intelligence associated to the file. Does not search OpenDNS since hashes are not indexed there.

Latest reviews

  • (2018-10-17) LT Teo: Awesome!!!
  • (2018-07-27) Jeff Fanelli: easy pivot. great plugin
  • (2018-03-14) Marc Dorn: Easy way to pivot from umbrella findings into ThreatGrid and AMP
  • (2017-03-29) Billy Carter: I like it

Statistics

  • Installs: 1,776
  • Rating: 4.9286 (14 votes)
  • Last update / version: 2018-10-11 / 0.0.14.1