Conviction Mode / Device Flow Correlation AMP policy

carl14757
Level 1

What is the relationship in AMP between the "Network Conviction Mode" and "Device Flow Correlation" under the advanced network settings? If "Enable Device Flow Correlation" is enabled, must the conviction mode for network active be at least audit or block?

1 Reply

Here's a description of a "Network Activity" Conviction mode from the online Help. This section is specific to Clarity/Cisco Security Connector (e.g. the iPhone connector), but I'm reasonably confident it applies across the board.



Conviction Modes

Conviction Modes specify how the Clarity module of the Cisco Security Connector responds to suspicious network activity. There are three modes available:

* Active Block checks that the traffic is not destined to a malicious or blocked address before allowing the connection. This provides the highest level of security but there will also be latency with each network connection.

  IMPORTANT! Even in Active Block mode connections will eventually be allowed if the device is unable to reach the Cisco cloud to check the disposition of the destination address.

* Block allows network connections while simultaneously checking if the destination address is malicious or blocked. The initial connection will be allowed but all subsequent connections to a malicious or blocked site will be blocked.

* Audit will allow all connections but any connections to malicious or blocked sites will be logged.