EDR: What Version of the console supports the AMSI Threat Intelligence Feed?

EDR: What Version of the console supports the AMSI Threat Intelligence Feed?

search cancel

EDR: What Version of the console supports the AMSI Threat Intelligence Feed?

book

Article ID: 291800

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What version of the EDR console supports the AMSI feed?

Environment

EDR: 7.2.0 server and higher

Resolution

Support for AMSI was added as a beta feature in v7.2.0 but at this time the console does not display AMSI data
To see and filter on AMSI data (requires Windows 7.1.0+ sensor) it needs to be forwarded to a SIEM that supports filtering the data, please refer to the Integration Guide for more details.

Additional Information

Support for AMSI events being displayed in the EDR console is planned to be included with the EDR 7.6 release.

Feedback

thumb_up Yes

thumb_down No