logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: What Version of the console supports the AMSI Threat Intelligence Feed?

EDR: What Version of the console supports the AMSI Threat Intelligence Feed?

Environment

  • EDR: 7.2.0 server and higher

Question

What version of the EDR console supports the AMSI feed?

Answer

  • Support for AMSI was added as a beta feature in v7.2.0 but at this time the console does not display AMSI data
  • To see and filter on AMSI data (requires Windows 7.1.0+ sensor) it needs to be forwarded to a SIEM that supports filtering the data, please refer to the Integration Guide for more details.

Additional Notes

Support for AMSI events being displayed in the EDR console is planned to be included with the EDR 7.6 release.
 

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
CB_Support
Creation Date:
‎09-23-2020
Views:
972
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.