Does anybody know if the AMP -Sourcefire SNORT integration is real-time? I mean will it provide zero day type of response to a malware source? Maybe better said, is there an update interval set in the AMP integration that gets updates on a schedule? Or does it constantly pull it down? TIA
Thanks I did run across that but initially it looked like a setting for the uplink stats to 18.104.22.168. But definitely pointed out in the documentation and also when you hover over the (i) icon in the dashboard, I see where it says applies to security updates including Malware. Thanks PhilipDAth!!