Cisco ISE case studies
The Cisco ISE integration may detect cases similar to the following:
The Sophos MDR team received a detection from Cisco ISE mapped to the MITRE ATT&CK technique 'Server Software Component: Web Shell', requiring an analyst to review the activity.
Reviewing the activity that generated the detection, we did not observe any signs of suspicious activity.
Because this activity appears benign and no action is required, we will resolve this case. If similar detections are generated for the same activity, we will look at suppressing the activity on our end.