Release notes
Table of contents: Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Virtual Appliance Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating Managed Devices; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update and Online Help; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.2; Issues Resolved in Previous Updates; Version 5.2.0.1; Version 5.2; Known Issues; Known Issues Discovered in Previous Releases; Features Introduced in Previous Versions; 5.2.x.x; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices; Terms of Use Applicable to the User Documentation; Terms Of Use and Copyright and Trademark Notices.
Size: 200 KB. Pages: 38. Language: English.
Release notes
Table of contents: New and Updated Features and Functionality; Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Switching and Routing; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on X-Series Devices; After the Installation; Updating Managed Devices and Sourcefire Software for X-Series; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update from Sourcefire Software for X-Series; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from Sourcefire Software for X-Series; Resolved Issues; Issues Resolved in Previous Updates; Version 5.3.0.4; Version 5.3.0.3; Version 5.3.0.1; Version 5.3; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.3.0.x; 5.3; File Capture and Storage; Dynamic Analysis, Threat Scores, and Summary Reports; Custom Detection; Spero Engine; SMB File Detection; AMP Cloud Connectivity; Host and Event Correlation IOC Style (Indications of Compromise); Enhanced Security Intelligence Event Storage and Views; Simplified Intrusion Policy Variable Management; Geolocation and Access Control; URL Filtering License Change; 8300 Family of Series 3 FirePOWER Appliances; Dedicated AMP Appliances; Disk Manager Improvements; Malware Storage Packs; Sourcefire Software for X-Series; Virtual Appliance Initial Setup Improvements; Changed Functionality; For Assistance; Legal Notices.
Size: 300 KB. Pages: 46. Language: English.
License information
Table of contents: 1. Introduction; 2. Overview; 2.1. Management Information; 2.2. Retransmission of Requests; 2.3. Message Sizes; 2.4. Transport Mappings; 2.5. SMIv2 Data Type Mappings; 3. Definitions; 4. Protocol Specification; 4.1. Common Constructs; 4.2. PDU Processing; 4.2.1. The GetRequest-PDU; 4.2.2. The GetNextRequest-PDU; 4.2.2.1. Example of Table Traversal; 4.2.3. The GetBulkRequest-PDU; 4.2.3.1. Another Example of Table Traversal; 4.2.4. The Response-PDU; 4.2.5. The SetRequest-PDU; 4.2.6. The SNMPv2-Trap-PDU; 4.2.7. The InformRequest-PDU; 5. Notice on Intellectual Property; 6. Acknowledgments; 7. Security Considerations; 8. References; 8.1. Normative References; 8.2. Informative References; 9. Changes from RFC 1905; 10. Editor's Address; 11. Full Copyright Statement.
Size: 10 MB. Pages: 8426. Language: English.
Release notes
Table of contents: New and Updated Features and Functionality; Changed Functionality; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Virtual Appliance Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating Managed Devices; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.6; Issues Resolved in Previous Updates; Version 5.2.0.5; Version 5.2.0.4; Version 5.2.0.3; Version 5.2.0.2; Version 5.2.0.1; Version 5.2; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.2.x.x; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices.
Size: 300 KB. Pages: 45. Language: English.
License information
Table of contents: 1. Introduction; 2. Overview; 2.1. Management Information; 2.2. Retransmission of Requests; 2.3. Message Sizes; 2.4. Transport Mappings; 2.5. SMIv2 Data Type Mappings; 3. Definitions; 4. Protocol Specification; 4.1. Common Constructs; 4.2. PDU Processing; 4.2.1. The GetRequest-PDU; 4.2.2. The GetNextRequest-PDU; 4.2.2.1. Example of Table Traversal; 4.2.3. The GetBulkRequest-PDU; 4.2.3.1. Another Example of Table Traversal; 4.2.4. The Response-PDU; 4.2.5. The SetRequest-PDU; 4.2.6. The SNMPv2-Trap-PDU; 4.2.7. The InformRequest-PDU; 5. Notice on Intellectual Property; 6. Acknowledgments; 7. Security Considerations; 8. References; 8.1. Normative References; 8.2. Informative References; 9. Changes from RFC 1905; 10. Editor's Address; 11. Full Copyright Statement.
Size: 10 MB. Pages: 7263. Language: English.
Release notes
Table of contents: Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating Managed Devices; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update and Online Help; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.1; Issues Resolved in Previous Updates; Version 5.2; Known Issues; Known Issues Discovered in Previous Releases; Features Introduced in Previous Versions; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices; Terms of Use Applicable to the User Documentation; Terms Of Use and Copyright and Trademark Notices.
Size: 200 KB. Pages: 37. Language: English.
Release notes
Table of contents: Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating a Managed Device; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update and Online Help; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.3; Issues Resolved in Previous Updates; Version 5.2.0.2; Version 5.2.0.1; Version 5.2; Known Issues; Known Issues Discovered in Previous Releases; Features Introduced in Previous Versions; 5.2.x.x; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices; Terms of Use Applicable to the User Documentation; Terms Of Use and Copyright and Trademark Notices.
Size: 200 KB. Pages: 41. Language: English.
License information
Table of contents: 1. Introduction; 2. Overview; 2.1. Management Information; 2.2. Retransmission of Requests; 2.3. Message Sizes; 2.4. Transport Mappings; 2.5. SMIv2 Data Type Mappings; 3. Definitions; 4. Protocol Specification; 4.1. Common Constructs; 4.2. PDU Processing; 4.2.1. The GetRequest-PDU; 4.2.2. The GetNextRequest-PDU; 4.2.2.1. Example of Table Traversal; 4.2.3. The GetBulkRequest-PDU; 4.2.3.1. Another Example of Table Traversal; 4.2.4. The Response-PDU; 4.2.5. The SetRequest-PDU; 4.2.6. The SNMPv2-Trap-PDU; 4.2.7. The InformRequest-PDU; 5. Notice on Intellectual Property; 6. Acknowledgments; 7. Security Considerations; 8. References; 8.1. Normative References; 8.2. Informative References; 9. Changes from RFC 1905; 10. Editor's Address; 11. Full Copyright Statement.
Size: 7 MB. Pages: 3886. Language: English.
Release notes
Table of contents: Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Virtual Appliance Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating Managed Devices; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.5; Issues Resolved in Previous Updates; Version 5.2.0.4; Version 5.2.0.3; Version 5.2.0.2; Version 5.2.0.1; Version 5.2; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.2.x.x; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices.
Size: 300 KB. Pages: 42. Language: English.
Release notes
Table of contents: New and Updated Features and Functionality; XFF Header Priority; Changed Functionality; Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Switching and Routing; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on X-Series Devices; After the Installation; Updating a Defense Center; Updating Managed Devices and Sourcefire Software for X-Series; Using the Shell to Perform the Update; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update from Sourcefire Software for X-Series; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from Sourcefire Software for X-Series; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.3.0.2; Issues Resolved in Previous Updates; Version 5.3.0.1; Version 5.3; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.3.0.x; 5.3; File Capture and Storage; Dynamic Analysis, Threat Scores, and Summary Reports; Custom Detection; Spero Engine; SMB File Detection; AMP Cloud Connectivity; Host and Event Correlation IOC Style (Indications of Compromise); Enhanced Security Intelligence Event Storage and Views; Simplified Intrusion Policy Variable Management; Geolocation and Access Control; URL Filtering License Change; 8300 Family of Series 3 FirePOWER Appliances; Dedicated AMP Appliances; Disk Manager Improvements; Malware Storage Packs; Sourcefire Software for X-Series; Virtual Appliance Initial Setup Improvements; Changed Functionality; For Assistance; Legal Notices.
Size: 300 KB. Pages: 45. Language: English.
Release notes
Table of contents: New and Updated Features and Functionality; Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Switching and Routing; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on X-Series Devices; After the Installation; Updating Managed Devices and Sourcefire Software for X-Series; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Devices Deployed Inline; Uninstalling the Update from Sourcefire Software for X-Series; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from Sourcefire Software for X-Series; Resolved Issues; Issues Resolved in Previous Updates; Version 5.3.0.5; Version 5.3.0.4; Version 5.3.0.3; Version 5.3.0.1; Version 5.3; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.3.0.x; 5.3; File Capture and Storage; Dynamic Analysis, Threat Scores, and Summary Reports; Custom Detection; Spero Engine; SMB File Detection; AMP Cloud Connectivity; Host and Event Correlation IOC Style (Indications of Compromise); Enhanced Security Intelligence Event Storage and Views; Simplified Intrusion Policy Variable Management; Geolocation and Access Control; URL Filtering License Change; 8300 Family of Series 3 FirePOWER Appliances; Dedicated AMP Appliances; Disk Manager Improvements; Malware Storage Packs; Sourcefire Software for X-Series; Virtual Appliance Initial Setup Improvements; Changed Functionality; For Assistance; Legal Notices.
Size: 300 KB. Pages: 46. Language: English.
Release notes
Table of contents: New and Updated Features and Functionality; Advanced Malware Protection Features; File Capture and Storage; Dynamic Analysis, Threat Scores, and Summary Reports; Custom Detection; Spero Engine; SMB File Detection; AMP Cloud Connectivity; Next-Generation Intrusion Prevention (NGIPS) Features; Host and Event Correlation IOC Style (Indications of Compromise); Enhanced Security Intelligence Event Storage and Views; Simplified Intrusion Policy Variable Management; Next-Generation Firewall (NGFW) Features; Geolocation and Access Control; URL Filtering License Change; FirePOWER Appliance Features; 8300 Family of Series 3 FirePOWER Appliances; Dedicated AMP Appliances; Disk Manager Improvements; Malware Storage Packs; Platform Support Features; Sourcefire Software for X-Series; Virtual Appliance Initial Setup Improvements; Changed Functionality; Updates to Sourcefire Documentation; Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Switching and Routing; Audit Logging During the Update; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Returning to a Previous Version; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; X-Series Devices; After the Installation; Updating a Defense Center; Updating Managed Devices; Using the Shell to Perform the Update; Issues Resolved in Version 5.3; Known Issues; For Assistance; Legal Notices.
Size: 200 KB. Pages: 33. Language: English.
Release notes
Table of contents: Before You Begin: Important Update and Compatibility Notes; Configuration and Event Backup Guidelines; Traffic Flow and Inspection During the Update; Traffic Inspection and Link State; Network Traffic Management; Product Compatibility; Web Browser Compatibility; Screen Resolution Compatibility; Updating Your Appliances; Planning the Update; Sourcefire 3D System Version Requirements; Virtual Appliance Operating System Requirements; Time and Disk Space Requirements; Configuration and Event Backup Guidelines; When to Perform the Update; Installation Method; Order of Installation; Installing the Update on Paired Defense Centers; Installing the Update on Clustered Devices; Installing the Update on Stacked Devices; Installing the Update on Clustered Stacks; After the Installation; Updating a Defense Center; Updating Managed Devices; Uninstalling the Update; Planning the Uninstallation; Uninstallation Method; Order of Uninstallation; Uninstalling the Update from Clustered or Paired Appliances; Uninstalling the Update from Stacked Devices; Uninstalling the Update from Clustered Stacks; Uninstalling the Update from Devices Deployed Inline; After the Uninstallation; Uninstalling the Update from a Managed Device; Uninstalling the Update from a Virtual Managed Device; Uninstalling the Update from a Defense Center; Issues Resolved in Version 5.2.0.8; Issues Resolved in Previous Updates; Version 5.2.0.7; Version 5.2.0.6; Version 5.2.0.5; Version 5.2.0.4; Version 5.2.0.3; Version 5.2.0.2; Version 5.2.0.1; Version 5.2; Known Issues; Known Issues Reported in Previous Releases; Features Introduced in Previous Versions; 5.2.x.x; 5.2; Advanced Malware Protection; Malware Blocking; Network File Trajectory; Next-Generation Firewall (NGFW); Clustered State Sharing; Gateway VPN; Policy-Based NAT; Clustered Stacking; Drop BPDUs Support; Series 2 Device Reimaging; Geolocation; Network Discovery; IPv6 Support; Sourcefire User Agent Logoff Detection; Access Control; Source Ports in Access Control Rules; ICMP Types and Codes in Access Control Rules; SSL Application Detection; URL Blocking based on SSL Common Name; Updates to API Support; eStreamer and Database Access Updates; Extended Rule Documentation; For Assistance; Legal Notices.
Size: 300 KB. Pages: 44. Language: English.
/es/manuals/1716397/
Table of contents: Introduction; FireSIGHT System Appliances; Series 2 Appliances; Series 3 Appliances; Virtual Appliances; Sourcefire Software for X-Series; Cisco ASA with FirePOWER Services; Appliances Delivered with Version 5.3.1; Supported Capabilities by Defense Center Model; Supported Capabilities by Managed Device Model; FireSIGHT System Components; Redundancy and Resource Sharing; Network Traffic Management; FireSIGHT; Access Control; Intrusion Detection and Prevention; File Tracking, Control, and Malware Protection; Application Programming Interfaces; Documentation Resources; Documentation Conventions; License Conventions; Supported Device and Defense Center Conventions; Access Conventions; IP Address Conventions; Logging into the FireSIGHT System; Logging into the Appliance; Logging into the Appliance to Set Up an Account; Logging Out of the Appliance; Using the Context Menu; Using Dashboards; Understanding Dashboard Widgets; Understanding Widget Availability; Understanding Widget Preferences; Understanding the Predefined Widgets; Understanding the Appliance Information Widget; Understanding the Appliance Status Widget; Understanding the Correlation Events Widget; Understanding the Current Interface Status Widget; Understanding the Current Sessions Widget; Understanding the Custom Analysis Widget; Configuring the Custom Analysis Widget; Viewing Associated Events from the Custom Analysis Widget; Custom Analysis Widget Limitations; Understanding the Disk Usage Widget; Understanding the Interface Traffic Widget; Understanding the Intrusion Events Widget; Understanding the Network Compliance Widget; Understanding the Product Licensing Widget; Understanding the Product Updates Widget; Understanding the RSS Feed Widget; Understanding the System Load Widget; Understanding the System Time Widget; Understanding the White List Events Widget; Working with Dashboards; Creating a Custom Dashboard; Viewing Dashboards; Modifying Dashboards; Changing Dashboard Properties; Adding Tabs; Deleting Tabs; Renaming Tabs; Adding Widgets; Rearranging Widgets; Minimizing and Maximizing Widgets; Deleting Widgets; Deleting a Dashboard; Using the Context Explorer; Understanding the Context Explorer; Understanding the Traffic and Intrusion Event Counts Time Graph; Understanding the Indications of Compromise Section; Viewing the Hosts by Indication Graph; Viewing the Indications by Host Graph; Understanding the Network Information Section; Viewing the Operating Systems Graph; Viewing the Traffic by Source IP Graph; Viewing the Traffic by Source User Graph; Viewing the Connections by Access Control Action Graph; Viewing the Traffic by Destination IP Graph; Viewing the Traffic by Ingress/Egress Security Zone Graph; Understanding the Application Information Section; Viewing the Traffic by Risk/Business Relevance and Application Graph; Viewing the Intrusion Events by Risk/Business Relevance and Application Graph; Viewing the Hosts by Risk/Business Relevance and Application Graph; Viewing the Application Details List; Understanding the Security Intelligence Section; Viewing the Security Intelligence Traffic by Category Graph; Viewing the Security Intelligence Traffic by Source IP Graph; Viewing the Security Intelligence Traffic by Destination IP Graph; Understanding the Intrusion Information Section; Viewing the Intrusion Events by Impact Graph; Viewing the Top Attackers Graph; Viewing the Top Users Graph; Viewing the Intrusion Events by Priority Graph; Viewing the Top Targets Graph; Viewing the Top Ingress/Egress Security Zones Graph; Viewing the Intrusion Event Details List; Understanding the Files Information Section; Viewing the Top File Types Graph; Viewing the Top File Names Graph; Viewing the Files by Disposition Graph; Viewing the Top Hosts Sending Files Graph; Viewing the Top Hosts Receiving Files Graph; Viewing the Top Malware Detections Graph; Understanding the Geolocation Information Section; Viewing the Connections by Initiator/Responder Country Graph; Viewing the Intrusion Events by Source/Destination Country Graph; Viewing the File Events by Sending/Receiving Country Graph; Understanding the URL Information Section; Viewing the Traffic by URL Graph; Viewing the Traffic by URL Category Graph; Viewing the Traffic by URL Reputation Graph; Refreshing the Context Explorer; Setting the Context Explorer Time Range; Minimizing and Maximizing Context Explorer Sections; Drilling Down on Context Explorer Data; Working with Filters in the Context Explorer; Adding and Applying Filters; Creating Filters with the Context Menu; Bookmarking Filters; Managing Reusable Objects; Using the Object Manager; Grouping Objects; Browsing, Sorting, and Filtering Objects; Working with Network Objects; Working with Security Intelligence Lists and Feeds; Working with the Global Whitelist and Blacklist; Working with the Intelligence Feed; Working with Custom Security Intelligence Feeds; Manually Updating Security Intelligence Feeds; Working with Custom Security Intelligence Lists; Updating a Security Intelligence List; Working with Port Objects; Working with VLAN Tag Objects; Working with URL Objects; Working with Application Filters; Working with Variable Sets; Optimizing Predefined Default Variables; Understanding Variable Sets; Managing Variable Sets; Managing Variables; Adding and Editing Variables; Working with Network Variables; Working with Port Variables; Resetting Variables; Linking Variable Sets to Intrusion Policies; Understanding Advanced Variables; Working with File Lists; Uploading Multiple SHA-256 Values to a File List; Uploading an Individual File to a File List; Adding a SHA-256 Value to the File List; Modifying Files on a File List; Downloading a Source File from a File List; Working with Security Zones; Working with Geolocation Objects; Managing Devices; Management Concepts; What Can Be Managed by a Defense Center?; Beyond Policies and Events; Using Redundant Defense Centers; Working in NAT Environments; Configuring High Availability; Using High Availability; Shared Configurations; Health and System Policies; Correlation Responses; Licenses; URL Filtering and Security Intelligence; Cloud Connections and Malware Information; User Agents; Guidelines for Implementing High Availability; Setting Up High Availability; Monitoring and Changing High Availability Status; Disabling High Availability and Unregistering Devices; Pausing Communication Between Paired Defense Centers; Restarting Communication Between Paired Defense Centers; Working with Devices; Understanding the Device Management Page; Adding Devices to the Defense Center; Applying Changes to Devices; Using the Device Management Revision Comparison Report; Deleting Devices; Configuring Remote Management; Editing Remote Management; Changing the Management Port; Managing Device Groups; Adding Device Groups; Editing Device Groups; Deleting Device Groups; Clustering Devices; Establishing Device Clusters; Editing Device Clusters; Configuring Individual Devices in a Cluster; Configuring Individual Device Stacks in a Cluster; Configuring Interfaces on a Clustered Device; Switching the Active Peer in a Cluster; Placing a Clustered Device into Maintenance Mode; Replacing a Device in a Clustered Stack; Establishing Clustered State Sharing; Troubleshooting Clustered State Sharing; Separating Clustered Devices; Managing Stacked Devices; Establishing Device Stacks; Editing Device Stacks; Configuring Individual Devices in a Stack; Configuring Interfaces on a Stacked Device; Separating Stacked Devices; Editing Device Configuration; Editing Assigned Device Names; Enabling and Disabling Device Licenses; Editing Device System Settings; Viewing the Health of a Device; Editing Device Management Settings; Understanding Advanced Device Settings; Automatic Application Bypass; Editing Advanced Device Settings; Configuring Fast-Path Rules; Adding IPv4 Fast-Path Rules; Adding IPv6 Fast-Path Rules; Deleting Fast-Path Rules; Configuring Interfaces; Configuring the Management Interface; Configuring HA Link Interfaces; Configuring the Interface MTU; Managing Cisco ASA with FirePOWER Services Interfaces; Disabling Interfaces; Preventing Duplicate Connection Logging; Setting Up an IPS Device; Understanding Passive IPS Deployments; Configuring Passive Interfaces; Understanding Inline IPS Deployments; Configuring Inline Interfaces; Configuring Inline Sets; Viewing Inline Sets; Adding Inline Sets; Configuring Advanced Inline Set Options; Removing Bypass Mode on Fiber Inline Sets Configured to Fail Open; Deleting Inline Sets; Configuring Sourcefire Software for X-Series Interfaces; Setting Up Virtual Switches; Configuring Switched Interfaces; Configuring Physical Switched Interfaces; Adding Logical Switched Interfaces; Deleting Logical Switched Interfaces; Configuring Virtual Switches; Viewing Virtual Switches; Adding Virtual Switches; Configuring Advanced Virtual Switch Settings; Deleting Virtual Switches; Setting Up Virtual Routers; Configuring Routed Interfaces; Configuring Physical Routed Interfaces; Adding Logical Routed Interfaces; Deleting Logical Routed Interfaces; Configuring SFRP; Configuring Virtual Routers; Viewing Virtual Routers; Adding Virtual Routers; Setting Up DHCP Relay; Setting Up DHCPv4 Relay; Setting Up DHCPv6 Relay; Setting Up Static Routes; Understanding the Static Routes Table View; Adding Static Routes; Setting Up Dynamic Routing; Setting Up RIP Configuration; Adding Interfaces for RIP Configuration; Configuring Authentication Settings for RIP Configuration; Configuring Advanced Settings for RIP Configuration; Adding Import Filters for RIP Configuration; Adding Export Filters for RIP Configuration; Setting Up OSPF Configuration; Setting Up OSPF Routing Areas; Adding OSPF Areas; Adding OSPF Area Interfaces; Adding OSPF Area Vlinks; Adding Import Filters for OSPF Configuration; Adding Export Filters for OSPF Configuration; Setting Up Virtual Router Filters; Adding Virtual Router Authentication Profiles; Viewing Virtual Router Statistics; Deleting Virtual Routers; Setting Up Hybrid Interfaces; Adding Logical Hybrid Interfaces; Deleting Logical Hybrid Interfaces; Using Gateway VPNs; Understanding IPSec; Understanding IKE; Understanding VPN Deployments; Understanding Point-to-Point VPN Deployments; Understanding Star VPN Deployments; Understanding Mesh VPN Deployments; Managing VPN Deployments; Configuring VPN Deployments; Configuring Point-to-Point VPN Deployments; Configuring Star VPN Deployments; Configuring Mesh VPN Deployments; Configuring Advanced VPN Deployment Settings; Applying a VPN Deployment; Viewing VPN Deployment Status; Viewing VPN Statistics and Logs; Using the VPN Deployment Comparison View; Using NAT Policies; Planning and Implementing a NAT Policy; Configuring NAT Policies; Managing NAT Policy Targets; Organizing Rules in a NAT Policy; Working with NAT Rule Warnings and Errors; Managing NAT Policies; Creating a NAT Policy; Editing a NAT Policy; Copying a NAT Policy; Viewing a NAT Policy Report; Comparing Two NAT Policies; Using the NAT Policy Comparison View; Using the NAT Policy Comparison Report; Applying a NAT Policy; Applying a Complete NAT Policy; Applying Selected Policy Configurations; Creating and Editing NAT Rules; Understanding NAT Rule Types; Understanding NAT Rule Conditions and Condition Mechanics; Understanding NAT Rule Conditions; Adding Conditions to NAT Rules; Searching NAT Rule Condition Lists; Adding Literal Conditions to NAT Rules; Using Objects in NAT Rule Conditions; Working with Different Types of Conditions in NAT Rules; Adding Zone Conditions to NAT Rules; Adding Source Network Conditions to Dynamic NAT
Rules345Adding Destination Network Conditions to NAT Rules347Adding Port Conditions to NAT Rules348Using Access Control Policies351Configuring Policies353Setting the Default Action354Logging Connections for the Default Action357Using Custom User Roles with Access Control Policies358Managing Policy Targets359Adding an HTTP Response Page360Filtering Traffic Based on Security Intelligence Data362Building the Security Intelligence Whitelist and Blacklist364Searching for Objects to Whitelist or Blacklist366Creating Objects to Whitelist or Blacklist366Logging Blacklisted Connections367Configuring Advanced Access Control Policy Settings368Organizing Rules in a Policy372Working with Rule Categories373Searching for Rules374Filtering Rules by Device375Working with Warnings and Errors376Understanding Invalid Configurations376Understanding Rule Pre-emption377Managing Access Control Policies377Creating an Access Control Policy378Editing an Access Control Policy379Copying an Access Control Policy380Viewing an Access Control Policy Report380Comparing Two Access Control Policies382Using the Access Control Policy Comparison View382Using the Access Control Policy Comparison Report383Applying an Access Control Policy384Applying a Complete Policy385Applying Selected Policy Configurations386Understanding and Writing Access Control Rules389Creating and Editing Access Control Rules390Understanding Rule Actions393Understanding Rule Conditions and Condition Mechanics396Understanding Rule Conditions397Adding Rule Conditions399Searching Condition Lists402Adding Literal Conditions402Using Objects in Conditions403Working with Different Types of Conditions403Adding Zone Conditions404Adding Network Conditions405Adding Geolocation Conditions406Adding VLAN Tag Conditions408Adding User Conditions409Working with Application Conditions410Understanding Application Condition Lists411Adding Application Conditions412Adding Port Conditions414Adding URL Conditions415Performing File and Intrusion Inspection 
on Allowed Traffic419Logging Connection, File, and Malware Information422Adding Comments to a Rule427Configuring External Alerting429Working with Alert Responses430Creating an Email Alert Response431Creating an SNMP Alert Response432Creating a Syslog Alert Response433Modifying an Alert Response435Deleting an Alert Response435Enabling and Disabling Alert Responses436Configuring Impact Flag Alerting436Configuring Discovery Event Alerting437Configuring Advanced Malware Protection Alerting437Working with Connection & Security Intelligence Data439Understanding Connection Data440Understanding Connection Summaries441Long-Running Connections442Combined Connection Summaries from External Responders442Connection and Security Intelligence Data Fields442Information Available in Connection and Security Intelligence Events448Uses for Connection Data in the FireSIGHT System451Viewing Connection and Security Intelligence Data451Working with Connection Graphs452Changing the Graph Type454Selecting Datasets456Viewing Information About Aggregated Connection Data458Manipulating a Connection Graph on a Workflow Page459Drilling Down Through Connection Data Graphs460Recentering and Zooming on Line Graphs460Selecting Data to Graph461Detaching Connection Graphs462Exporting Connection Data462Working with Connection and Security Intelligence Data Tables463Working with Events Associated with Monitor Rules464Viewing Files Detected in a Connection465Viewing Intrusion Events Associated with a Connection466Searching for Connection and Security Intelligence Data466Viewing the Connection Summary Page469Introduction to Intrusion Prevention471Understanding How Traffic Is Analyzed472Capturing and Decoding Packets473Processing Packets474Generating Events475Analyzing Intrusion Event Data476Using Intrusion Event Responses477Understanding Intrusion Prevention Deployments477The Benefits of Custom Intrusion Policies479Working with Intrusion Events481Viewing Intrusion Event Statistics482Host 
Statistics483Event Overview483Event Statistics484Viewing Intrusion Event Performance484Generating Intrusion Event Performance Statistics Graphs485Viewing Intrusion Event Graphs486Viewing Intrusion Events486Understanding Intrusion Events487Viewing Connection Data Associated with Intrusion Events492Reviewing Intrusion Events493Understanding Workflow Pages for Intrusion Events494Using Drill-Down and Table View Pages495Using the Packet View499Viewing Event Information501Using Packet View Actions504Setting Threshold Options within the Packet View505Setting Suppression Options within the Packet View506Viewing Frame Information507Viewing Data Link Layer Information508Viewing Network Layer Information508Viewing IPv4 Network Layer Information509Viewing IPv6 Network Layer Information510Viewing Transport Layer Information511TCP Packet View511UDP Packet View512ICMP Packet View512Viewing Packet Byte Information513Using Impact Levels to Evaluate Events513Searching for Intrusion Events515Using the Clipboard521Generating Clipboard Reports521Deleting Events from the Clipboard522Handling Incidents523Incident Handling Basics523Definition of an Incident523Common Incident Handling Processes524Incident Types in the FireSIGHT System526Creating an Incident527Editing an Incident527Generating Incident Reports528Creating Custom Incident Types529Configuring Intrusion Policies531Planning and Implementing an Intrusion Policy532Managing Intrusion Policies533Creating an Intrusion Policy535Editing an Intrusion Policy536Using the Navigation Panel538Committing Intrusion Policy Changes538Reapplying an Intrusion Policy539Viewing an Intrusion Policy Report540Comparing Two Intrusion Policies541Using the Intrusion Policy Comparison View542Using the Intrusion Policy Comparison Report543Setting Drop Behavior in an Inline Deployment544Understanding the Base Policy546Using Default Intrusion Policies546Using a Custom Base Policy547Allowing Rule Updates to Modify the Base Policy548Selecting the Base 
Policy548Accepting Rule Setting Changes from a Custom Base Policy550Managing Rules in an Intrusion Policy551Understanding Intrusion Prevention Rule Types552Viewing Rules in an Intrusion Policy553Sorting the Rule Display554Viewing Rule Details555Setting a Threshold for a Rule556Setting Suppression for a Rule557Setting a Dynamic Rule State for a Rule558Setting an SNMP Alert for a Rule559Adding a Rule Comment for a Rule559Filtering Rules in an Intrusion Policy560Understanding Rule Filtering in an Intrusion Policy560Guidelines for Constructing Intrusion Policy Rule Filters560Understanding Rule Configuration Filters563Understanding Rule Content Filters565Understanding Rule Categories567Editing a Rule Filter Directly567Setting a Rule Filter in an Intrusion Policy568Setting Rule States570Filtering Intrusion Event Notification Per Policy572Configuring Event Thresholding572Understanding Event Thresholding572Adding and Modifying Intrusion Event Thresholds574Viewing and Deleting Intrusion Event Thresholds575Configuring Suppression Per Intrusion Policy576Suppressing Intrusion Events577Viewing and Deleting Suppression Conditions578Adding Dynamic Rule States579Understanding Dynamic Rule States579Setting a Dynamic Rule State580Adding Alerts582Adding SNMP Alerts582Adding Rule Comments583Managing FireSIGHT Rule State Recommendations584Understanding Basic Rule State Recommendations585Understanding Advanced Rule State Recommendations586Understanding the Networks to Examine586Understanding Rule Overhead587Using FireSIGHT Recommendations587Using Advanced Settings in an Intrusion Policy591Modifying Advanced Settings591Understanding Preprocessors595Meeting Traffic Challenges with Preprocessors596Understanding Preprocessor Execution Order597Reading Preprocessor Events598Understanding the Preprocessor Event Packet Display598Reading Preprocessor Generator IDs598Automatically Enabling Advanced Settings600Understanding Troubleshooting Options603Using Layers in an Intrusion 
Policy605Understanding Intrusion Policy Layers605Sharing Layers606Using Rules in Layers607Removing Multi-Layer Rule Settings609Using the FireSIGHT Recommendations Layer610Using Layers with Advanced Settings611Configuring User Layers613Using Performance Settings in an Intrusion Policy617Event Queue Configuration617Understanding Packet Latency Thresholding618Setting Packet Latency Thresholding Options620Configuring Packet Latency Thresholding620Understanding Rule Latency Thresholding621Setting Rule Latency Thresholding Options623Configuring Rule Latency Thresholding624Performance Statistics Configuration625Constraining Regular Expressions626Rule Processing Configuration628Using Application Layer Preprocessors631Decoding DCE/RPC Traffic632Selecting Global DCE/RPC Options633Understanding Target-Based DCE/RPC Server Policies634Understanding DCE/RPC Transports635Understanding Connectionless and Connection-Oriented DCE/RPC Traffic636Understanding the RPC over HTTP Transport637Selecting DCE/RPC Target-Based Policy Options638Configuring the DCE/RPC Preprocessor641Detecting Exploits in DNS Name Server Responses644Understanding DNS Preprocessor Resource Record Inspection644Detecting Overflow Attempts in RData Text Fields645Detecting Obsolete DNS Resource Record Types646Detecting Experimental DNS Resource Record Types646Configuring the DNS Preprocessor647Decoding FTP and Telnet Traffic648Understanding Global FTP and Telnet Options648Configuring Global FTP/Telnet Options649Understanding Telnet Options650Configuring Telnet Options651Understanding Server-Level FTP Options652Creating FTP Command Parameter Validation Statements654Configuring Server-Level FTP Options655Understanding Client-Level FTP Options657Configuring Client-Level FTP Options658Decoding HTTP Traffic660Selecting Global HTTP Normalization Options661Configuring Global HTTP Configuration Options662Selecting Server-Level HTTP Normalization Options663Selecting Server-Level HTTP Normalization Encoding 
Options669Configuring HTTP Server Options672Enabling Additional HTTP Inspect Preprocessor Rules674Using the Sun RPC Preprocessor674Configuring the Sun RPC Preprocessor675Decoding the Session Initiation Protocol676Selecting SIP Preprocessor Options677Configuring the SIP Preprocessor679Enabling Additional SIP Preprocessor Rules680Configuring the GTP Command Channel681Decoding IMAP Traffic682Selecting IMAP Preprocessor Options683Configuring the IMAP Preprocessor684Enabling Additional IMAP Preprocessor Rules685Decoding POP Traffic686Selecting POP Preprocessor Options686Configuring the POP Preprocessor687Enabling Additional POP Preprocessor Rules688Decoding SMTP Traffic689Understanding SMTP Decoding689Configuring SMTP Decoding694Enabling SMTP Maximum Decoding Memory Alerting696Detecting Exploits Using the SSH Preprocessor696Selecting SSH Preprocessor Options697Configuring the SSH Preprocessor699Using the SSL Preprocessor700Understanding SSL Preprocessing701Enabling SSL Preprocessor Rules702Configuring the SSL Preprocessor702Working with SCADA Preprocessors704Configuring the Modbus Preprocessor704Configuring the DNP3 Preprocessor705Using Transport & Network Layer Preprocessors709Verifying Checksums709Ignoring VLAN Headers710Normalizing Inline Traffic712Understanding Protocol Normalization712IPv4 Normalization713IPv6 Normalization713ICMPv4 and ICMPv6 Normalization713TCP Normalization713Configuring Inline Normalization715Defragmenting IP Packets719Understanding IP Fragmentation Exploits719Target-Based Defragmentation Policies720Selecting Defragmentation Options721Configuring IP Defragmentation722Understanding Packet Decoding723Configuring Packet Decoding726Using TCP Stream Preprocessing727Understanding State-Related TCP Exploits728Initiating Active Responses with Drop Rules729Selecting TCP Global Options729Understanding Target-Based TCP Policies730Selecting TCP Policy Options731Reassembling TCP Streams734Understanding Stream-Based Attacks735Selecting Stream Reassembly 
Options735Configuring TCP Stream Preprocessing737Using UDP Stream Preprocessing739Configuring UDP Stream Preprocessing739Using the FireSIGHT System as a Compliance Tool741Understanding Compliance White Lists742Understanding White List Targets743Understanding White List Host Profiles744Understanding the Global Host Profile744Understanding Host Profiles for Specific Operating Systems744Understanding Shared Host Profiles745Understanding White List Evaluations745Understanding White List Violations746Creating Compliance White Lists747Surveying Your Network749Providing Basic White List Information750Configuring Compliance White List Targets750Modifying Existing Targets752Deleting Existing Targets752Configuring Compliance White List Host Profiles753Configuring the Global Host Profile753Creating Host Profiles for Specific Operating Systems754Adding an Application Protocol to a Host Profile755Adding a Client to a Host Profile756Adding a Web Application to a Host Profile757Adding a Protocol to a Host Profile757Adding a Shared Host Profile to a Compliance White List758Modifying Existing Host Profiles759Deleting Existing Host Profiles762Managing Compliance White Lists762Modifying a Compliance White List763Deleting a Compliance White List763Working with Shared Host Profiles763Creating Shared Host Profiles764Modifying a Shared Host Profile765Deleting a Shared Host Profile767Resetting Built-In Host Profiles to Their Factory Defaults768Working with White List Events768Viewing White List Events769Understanding the White List Events Table770Searching for Compliance White List Events771Working with White List Violations773Viewing White List Violations773Understanding the White List Violations Table775Searching for White List Violations776Detecting Specific Threats779Detecting Back Orifice779Detecting Portscans780Configuring Portscan Detection783Understanding Portscan Events785Preventing Rate-Based Attacks787Understanding Rate-Based Attack Prevention787Preventing SYN 
Attacks789Controlling Simultaneous Connections790Rate-Based Attack Prevention and Other Filters790Rate-Based Attack Prevention and Detection Filtering790Dynamic Rule States and Thresholding or Suppression791Policy-Wide Rate-Based Detection and Thresholding or Suppression793Rate-Based Detection with Multiple Filtering Methods794Configuring Rate-Based Attack Prevention795Detecting Sensitive Data797Deploying Sensitive Data Detection798Selecting Global Sensitive Data Detection Options798Selecting Individual Data Type Options799Using Predefined Data Types800Configuring Sensitive Data Detection801Selecting Application Protocols to Monitor803Special Case: Detecting Sensitive Data in FTP Traffic804Using Custom Data Types805Defining Data Patterns in Custom Data Types805Configuring Custom Data Types807Editing Custom Data Type Names and Detection Patterns808Using Adaptive Profiles811Understanding Adaptive Profiles811Using Adaptive Profiles with Preprocessors812Adaptive Profiles and FireSIGHT Recommended Rules812Configuring Adaptive Profiles813Using Global Rule Thresholding815Understanding Thresholding815Understanding Thresholding Options816Configuring Global Thresholds817Disabling the Global Threshold818Configuring External Alerting for Intrusion Rules821Using SNMP Responses821Configuring SNMP Responses823Using Syslog Responses824Configuring Syslog Responses826Understanding Email Alerting826Configuring Email Alerting828Understanding and Writing Intrusion Rules831Understanding Rule Anatomy832Understanding Rule Headers832Specifying Rule Actions834Specifying Protocols834Specifying IP Addresses In Intrusion Rules835Specifying Any IP Address836Specifying Multiple IP Addresses836Specifying Network Objects837Excluding IP Addresses in Intrusion Rules837Defining Ports in Intrusion Rules838Specifying Direction839Understanding Keywords and Arguments in Rules839Defining Intrusion Event Details841Defining the Event Message841Defining the Event Priority841Defining the Intrusion Event 
Classification842Defining the Event Reference844Searching for Content Matches844Constraining Content Matches845Case Insensitive846Raw Data846Not846Search Location Options847HTTP Content Options849Use Fast Pattern Matcher852Replacing Content in Inline Deployments855Using Byte_Jump and Byte_Test856byte_jump856byte_test859Searching for Content Using PCRE861Perl-Compatible Regular Expression Basics862PCRE Modifier Options863Example PCRE Keyword Values866Adding Metadata to a Rule867Inspecting IP Header Values871Inspecting Fragments and Reserved Bits872Inspecting the IP Header Identification Value872Identifying Specified IP Options872Identifying Specified IP Protocol Numbers873Inspecting a Packet’s Type of Service873Inspecting a Packet’s Time-To-Live Value873Inspecting ICMP Header Values874Identifying Static ICMP ID and Sequence Values874Inspecting the ICMP Message Type875Inspecting the ICMP Message Code875Inspecting TCP Header Values and Stream Size876Inspecting the TCP Acknowledgement Value876Inspecting TCP Flag Combinations876Applying Rules to a TCP or UDP Client or Server Flow877Identifying Static TCP Sequence Numbers878Identifying TCP Windows of a Given Size879Identifying TCP Streams of a Given Size879Enabling and Disabling TCP Stream Reassembly880Extracting SSL Information from a Session881ssl_state881ssl_version882Inspecting Application Layer Protocol Values883RPC883ASN.1883urilen884DCE/RPC Keywords885dce_iface887dce_opnum888dce_stub_data888SIP Keywords889sip_header889sip_body889sip_method890sip_stat_code890GTP Keywords891gtp_version891gtp_type892gtp_info896Modbus Keywords901modbus_data902modbus_func902modbus_unit903DNP3 Keywords903dnp3_data904dnp3_func904dnp3_ind905dnp3_obj906Inspecting Packet Characteristics907dsize907isdataat907sameip908fragoffset908cvs909Reading Packet Data into Keyword Arguments909Initiating Active Responses with Rule Keywords912Initiating Active Responses by Type and Direction913Sending an HTML Page Before a TCP Reset914Setting the Active 
Response Reset Attempts and Interface915Filtering Events916Evaluating Post-Attack Traffic917Detecting Attacks That Span Multiple Packets918Generating Events on the HTTP Encoding Type and Location923Pointing to a Specific Payload Type925Pointing to the Beginning of the Packet Payload926Decoding and Inspecting Base64 Data926base64_decode927base64_data928Constructing a Rule928Writing New Rules928Modifying Existing Rules930Adding Comments to Rules931Deleting Custom Rules932Searching for Rules933Filtering Rules on the Rule Editor Page935Using Keywords in a Rule Filter935Using Character Strings in a Rule Filter936Combining Keywords and Character Strings in a Rule Filter937Filtering Rules937Blocking Malware and Prohibited Files939Understanding Malware Protection and File Control940Configuring Malware Protection and File Control943Logging Events Based on Malware Protection and File Control944Integrating FireAMP with the FireSIGHT System944Network-Based AMP vs Endpoint-Based FireAMP945Understanding and Creating File Policies947Creating a File Policy955Working with File Rules956Configuring Advanced File Policy Options958Comparing Two File Policies959Working with Cloud Connections for FireAMP960Creating a Cisco Cloud Connection960Deleting or Disabling a Cloud Connection961Analyzing Malware and File Activity963Working with File Storage964Understanding Captured File Storage965Downloading Stored Files to Another Location966Working with Dynamic Analysis966Understanding Spero Analysis967Submitting Files for Dynamic Analysis968Reviewing the Threat Score and Dynamic Analysis Summary968Working with File Events969Viewing File Events969Understanding the File Events Table971Searching for File Events973Working with Malware Events975Viewing Malware Events977Understanding the Malware Events Table978Malware Event Types982Searching for Malware Events983Working with Captured Files985Viewing Captured Files986Understanding the Captured Files Table987Searching for Captured Files988Working with 
Network File Trajectory990Reviewing Network File Trajectory990Accessing Network File Trajectory991Analyzing Network File Trajectory992Summary Information992Trajectory Map994Events Table997Introduction to Network Discovery999Understanding Discovery Data Collection999Understanding Host Data Collection1000Understanding User Data Collection1001Managed Devices1002User Agents1003Defense Center-LDAP Server Connections1005Users Database1005User Activity Database1006Access-Controlled Users Database1006User Data Collection Limitations1007Understanding Application Detection1008Understanding the Application Protocol Detection Process1010Implied Application Protocol Detection from Client Detection1011Host Limits and Discovery Event Logging1012Special Considerations for Application Protocol Detection: Squid1012Special Considerations: SSL Application Detection1012Special Considerations: Referred Web Applications1013Importing Third-Party Discovery Data1013Uses for Discovery Data1014Understanding NetFlow1014Differences Between NetFlow and FireSIGHT Data1015Preparing to Analyze NetFlow Data1017Understanding Indications of Compromise1018Understanding Indications of Compromise Types1018Endpoint-Based Malware Event IOC Types1018Intrusion Event IOC Types1019Security Intelligence Event IOC Types1020Viewing and Editing Indications of Compromise Data1020Creating a Network Discovery Policy1020Working with Discovery Rules1021Understanding Device Selection1022Understanding Actions and Discovered Assets1023Understanding Monitored Networks1023Understanding Zones in Network Discovery Policies1024Understanding Port Exclusions1024Adding a Discovery Rule1024Creating Network Objects1026Creating Port Objects1027Restricting User Logging1028Configuring Advanced Network Discovery Options1029Configuring General Settings1029Configuring Identity Conflict Resolution1030Enabling Vulnerability Impact Assessment Mappings1031Setting Indications of Compromise Rules1032Adding NetFlow-Enabled 
Devices1032Configuring Data Storage1033Configuring Discovery Event Logging1034Adding Identity Sources1035Applying the Network Discovery Policy1036Obtaining User Data from LDAP Servers1037Creating LDAP Connections with the Defense Center1037Preparing to Connect to an LDAP Server1038Creating an LDAP Connection for User Control1039Enabling and Disabling User Awareness LDAP Connections1042Performing an On-Demand User Data Retrieval for Access Control1043Configuring Defense Center-User Agent Connections1043Configuring the Defense Center to Connect to a User Agent1044Installing a User Agent1045Configuring User and Security Permissions1046Configuring a User Agent1046Using the Network Map1049Understanding the Network Map1049Working with the Hosts Network Map1050Working with the Network Devices Network Map1051Working with the Indications of Compromise Network Map1052Working with the Mobile Devices Network Map1053Working with the Applications Network Map1054Working with the Vulnerabilities Network Map1055Working with the Host Attributes Network Map1057Working with Custom Network Topologies1058Creating Custom Topologies1059Providing Basic Topology Information1060Importing a Discovered Topology1060Importing Networks from a Network Discovery Policy1061Manually Adding Networks to Your Custom Topology1061Managing Custom Topologies1062Using Host Profiles1065Viewing Host Profiles1068Working with Basic Host Information in the Host Profile1069Working with IP Addresses in the Host Profile1070Working with Indications of Compromise in the Host Profile1071Editing Indication of Compromise Rule States for a Single Host1072Viewing Source Events for Indications of Compromise1072Resolving Indications of Compromise1073Working with Operating Systems in the Host Profile1073Viewing Operating System Identities1075Editing an Operating System1076Resolving Operating System Identity Conflicts1077Working with Servers in the Host Profile1078Server Detail1079Editing Server Identities1081Resolving Server 
Identity Conflicts1082Working with Applications in the Host Profile1082Viewing Applications in the Host Profile1083Deleting Applications from the Host Profile1084Working with VLAN Tags in the Host Profile1084Working with User History in the Host Profile1085Working with Host Attributes in the Host Profile1085Assigning Host Attribute Values1085Working with Host Protocols in the Host Profile1086Working with White List Violations in the Host Profile1086Creating a White List Host Profile from a Host Profile1087Working with Malware Detections in the Host Profile1088Working with Vulnerabilities in the Host Profile1088Viewing Vulnerability Details1090Setting the Vulnerability Impact Qualification1091Downloading Patches for Vulnerabilities1092Setting Vulnerabilities for Individual Hosts1093Working with the Predefined Host Attributes1093Working with User-Defined Host Attributes1094Creating User-Defined Host Attributes1095Creating Integer Host Attributes1096Creating List Host Attributes1096Editing a User-Defined Host Attribute1097Deleting a User-Defined Host Attribute1097Working with Scan Results in a Host Profile1098Scanning a Host from the Host Profile1098Working with Discovery Events1099Viewing Discovery Event Statistics1100Statistics Summary1101Event Breakdown1102Protocol Breakdown1102Application Protocol Breakdown1102OS Breakdown1103Viewing Discovery Performance Graphs1103Understanding Discovery Event Workflows1104Working with Discovery and Host Input Events1106Understanding Discovery Event Types1107Understanding Host Input Event Types1111Viewing Discovery and Host Input Events1112Understanding the Discovery Events Table1113Searching for Discovery Events1114Working with Hosts1116Viewing Hosts1116Understanding the Hosts Table1117Creating a Traffic Profile for Selected Hosts1120Creating a Compliance White List Based on Selected Hosts1121Searching for Hosts1121Working with Host Attributes1124Viewing Host Attributes1124Understanding the Host Attributes Table1125Setting Host 
Attributes for Selected Hosts1126Searching for Host Attributes1127Working with Indications of Compromise1128Viewing Indications of Compromise1129Understanding the Indications of Compromise Table1129Searching for Indications of Compromise1130Working with Servers1131Viewing Servers1132Understanding the Servers Table1133Searching for Servers1135Working with Applications1136Viewing Applications1137Understanding the Applications Table1138Searching for Applications1139Working with Application Details1140Viewing Application Details1141Understanding the Application Detail Table1141Searching for Application Details1143Working with Vulnerabilities1144Viewing Vulnerabilities1145Understanding the Vulnerabilities Table1146Deactivating Vulnerabilities1147Searching for Vulnerabilities1148Working with Third-Party Vulnerabilities1149Viewing Third-Party Vulnerabilities1150Understanding the Third-Party Vulnerabilities Table1150Searching for Third-Party Vulnerabilities1151Working with Users1153Viewing Users1154Understanding the Users Table1154Understanding User Details and Host History1156Searching for Users1157Working with User Activity1158Viewing User Activity Events1159Understanding the User Activity Table1160Searching for User Activity1161Configuring Correlation Policies and Rules1163Creating Rules for Correlation Policies1164Providing Basic Rule Information1167Specifying Correlation Rule Trigger Criteria1167Syntax for Intrusion Events1169Syntax for Malware Events1171Syntax for Discovery Events1172Syntax for User Activity Events1174Syntax for Host Input Events1174Syntax for Connection Events1175Syntax for Traffic Profile Changes1177Adding a Host Profile Qualification1179Syntax for Host Profile Qualifications1180Constraining Correlation Rules Using Connection Data Over Time1182Adding a Connection Tracker1183Syntax for Connection Trackers1184Syntax for Connection Tracker Events1187Example: Excessive Connections From External Hosts1187Example: Excessive BitTorrent Data 
Transfers1189Adding a User Qualification1192Syntax for User Qualifications1193Adding Snooze and Inactive Periods1193Understanding Rule Building Mechanics1195Building a Single Condition1196Adding and Linking Conditions1198Using Multiple Values in a Condition1201Managing Rules for Correlation Policies1202Modifying a Rule1202Deleting a Rule1202Creating a Rule Group1203Grouping Correlation Responses1203Creating a Response Group1204Modifying a Response Group1205Deleting a Response Group1205Activating and Deactivating Response Groups1205Creating Correlation Policies1206Providing Basic Policy Information1207Adding Rules and White Lists to a Correlation Policy1207Setting Rule and White List Priorities1208Adding Responses to Rules and White Lists1209Managing Correlation Policies1210Activating and Deactivating Correlation Policies1211Editing a Correlation Policy1211Deleting a Correlation Policy1211Working with Correlation Events1212Viewing Correlation Events1212Understanding the Correlation Events Table1214Searching for Correlation Events1215Creating Traffic Profiles1219Providing Basic Profile Information1221Specifying Traffic Profile Conditions1221Syntax for Traffic Profile Conditions1222Adding a Host Profile Qualification1223Syntax for Host Profile Qualifications1224Setting Profile Options1225Saving a Traffic Profile1226Activating and Deactivating Traffic Profiles1226Editing a Traffic Profile1227Understanding Condition-Building Mechanics1227Building a Single Condition1229Adding and Linking Conditions1231Using Multiple Values in a Condition1234Viewing Traffic Profiles1234Configuring Remediations1237Creating Remediations1237Configuring Remediations for Cisco IOS Routers1239Adding a Cisco IOS Instance1240Cisco IOS Block Destination Remediations1241Cisco IOS Block Destination Network Remediations1241Cisco IOS Block Source Remediations1242Cisco IOS Block Source Network Remediations1243Configuring Remediations for Cisco PIX Firewalls1244Adding a Cisco PIX Instance1245Cisco PIX 
Block Destination Remediations1246Cisco PIX Block Source Remediations1246Configuring Nmap Remediations1247Adding an Nmap Scan Instance1247Nmap Scan Remediations1248Configuring Set Attribute Remediations1251Adding a Set Attribute Value Instance1251Set Attribute Value Remediations1252Working with Remediation Status Events1253Viewing Remediation Status Events1253Working with Remediation Status Events1255Understanding the Remediation Status Table1255Searching for Remediation Status Events1256Enhancing Network Discovery1259Assessing Your Detection Strategy1260Are Your Managed Devices Correctly Placed?1260Do Unidentified Operating Systems Have a Unique TCP Stack?1260Can the FireSIGHT System Identify All Applications?1261Have You Applied Patches that Fix Vulnerabilities?1261Do You Want to Track Third-Party Vulnerabilities?1261Enhancing Your Network Map1262Understanding Passive Detection1262Understanding Active Detection1262Understanding Current Identities1263Understanding Identity Conflicts1264Using Custom Fingerprinting1265Fingerprinting Clients1266Fingerprinting Servers1269Managing Fingerprints1271Activating Fingerprints1272Deactivating Fingerprints1273Deleting Fingerprints1273Editing Fingerprints1273Editing an Inactive Fingerprint1274Editing an Active Fingerprint1274Working with Application Detectors1275Creating a User-Defined Application Protocol Detector1277Providing Basic Application Protocol Detector Information1278Creating a User-Defined Application1279Specifying Detection Criteria for Application Protocol Detectors1279Adding Detection Patterns to an Application Protocol Detector1280Testing an Application Protocol Detector Against Packet Captures1281Managing Detectors1282Viewing Detector Details1282Sorting the Detector List1283Filtering the Detector List1283Navigating to Other Detector Pages1285Activating and Deactivating Detectors1285Modifying Application Detectors1286Deleting Detectors1287Importing Host Input Data1287Enabling the Use of Third-Party 
Data1288Managing Third-Party Product Mappings1288Mapping Third-Party Products1289Mapping Third-Party Product Fixes1290Mapping Third-Party Vulnerabilities1291Managing Custom Product Mappings1292Creating Custom Product Mappings1292Editing Custom Product Mapping Lists1293Managing Custom Product Mapping Activation State1294Configuring Active Scanning1295Understanding Nmap Scans1295Understanding Nmap Remediations1296Creating an Nmap Scanning Strategy1299Selecting Appropriate Scan Targets1299Selecting Appropriate Ports to Scan1300Setting Host Discovery Options1300Sample Nmap Scanning Profiles1300Example: Resolving Unknown Operating Systems1301Example: Responding to New Hosts1302Setting up Nmap Scans1303Creating an Nmap Scan Instance1303Creating an Nmap Scan Target1304Creating an Nmap Remediation1305Managing Nmap Scanning1308Managing Nmap Scan Instances1308Editing an Nmap Scan Instance1308Deleting an Nmap Scan Instance1309Managing Nmap Remediations1309Editing an Nmap Remediation1310Deleting an Nmap Remediation1310Running an On-Demand Nmap Scan1310Managing Scan Targets1311Editing a Scan Target1312Deleting a Scan Target1312Working with Active Scan Results1313Viewing Scan Results1313Understanding the Scan Results Table1315Analyzing Scan Results1315Monitoring Scans1315Importing Scan Results1316Searching for Scan Results1316Working with Reports1319Generating Reports1319Creating a Report Template from an Event View1320Creating a Report Template by Importing a Dashboard or Workflow1321Generating Reports from a Report Template1322Using Report Generation Options1324Managing Reports1324Understanding Report Templates1324Using Report Templates1326Creating Report Templates from Existing Templates1327Using Predefined Report Templates1327Creating New Report Templates1330Creating a Template Shell1330Configuring the Content of the Template Sections1331Setting Attributes for PDF and HTML Report Documents1331Editing the Sections of a Report Template1332Setting the Table and Data Format for 
a Template Section1332Specifying the Search or Filter for a Template Section1333Setting the Search Fields that Appear in Table Format Sections1334Adding a Text Section to a Report Template1334Adding a Page Break to a Report Template1335Setting the Time Window for a Template and Its Sections1335Renaming a Template Section1336Previewing a Template Section1337Working with Searches in Report Template Sections1337Using Input Parameters1338Predefined Input Parameters1338User-Defined Input Parameters1339Editing Document Attributes in a Report Template1342Customizing a Cover Page1343Managing Logos1344Adding a New Logo1344Changing the Logo for a Report Template1345Deleting a Logo1345Using Report Generation Options1346Generating Reports Using the Scheduler1346Distributing Reports by Email at Generation Time1347Using Remote Storage for Reports1347Managing Report Templates and Report Files1348Exporting and Importing Report Templates1349Deleting Report Templates1350Downloading Reports1350Deleting Reports1351Searching for Events1353Performing and Saving Searches1353Performing a Search1354Loading a Saved Search1355Deleting a Saved Search1356Using Wildcards and Symbols in Searches1356Using Objects and Application Filters in Searches1357Specifying Time Constraints in Searches1357Specifying IP Addresses in Searches1357Specifying Ports in Searches1358Stopping Long-Running Queries1359Using Custom Tables1361Understanding Custom Tables1361Understanding Possible Table Combinations1362Creating a Custom Table1365Modifying a Custom Table1367Deleting a Custom Table1368Viewing a Workflow Based on a Custom Table1368Searching Custom Tables1369Understanding and Using Workflows1373Components of a Workflow1373Comparing Predefined and Custom Workflows1375Comparing Workflows for Predefined and Custom Tables1375Predefined Intrusion Event Workflows1376Predefined Malware Workflows1377Predefined File Workflows1378Predefined Captured File Workflows1378Predefined Connection Data Workflows1379Predefined 
Security Intelligence Workflows1380Predefined Host Workflows1380Predefined Indications of Compromise Workflows1381Predefined Applications Workflows1381Predefined Application Details Workflows1382Predefined Servers Workflows1383Predefined Host Attributes Workflows1383Predefined Discovery Events Workflows1383Predefined User Workflows1384Predefined Vulnerabilities Workflows1384Predefined Third-Party Vulnerabilities Workflows1384Predefined Correlation and White List Workflows1385Predefined System Workflows1385Saved Custom Workflows1386Using Workflows1387Selecting Workflows1388Understanding the Workflow Toolbar1389Using Workflow Pages1390Using Common Table View or Drill-Down Page Functionality1390Using Geolocation1392Using Table View Pages1394Using Drill-Down Pages1394Using the Host View, Packet View, or Vulnerability Detail Pages1395Setting Event Time Constraints1395Changing the Time Window1396Changing the Default Time Window for Your Event Type1400Pausing the Time Window1402Constraining Events1403Using Compound Constraints1405Sorting Table View Pages and Changing Their Layout1406Sorting Drill-Down Workflow Pages1406Selecting Rows on a Workflow Page1407Navigating to Other Pages in the Workflow1407Navigating Between Workflows1408Using Bookmarks1409Creating Bookmarks1410Viewing Bookmarks1410Deleting Bookmarks1410Using Custom Workflows1411Creating Custom Workflows1411Creating Custom Connection Data Workflows1413Viewing Custom Workflows1414Viewing Custom Workflows for Predefined Tables1415Viewing Custom Workflows for Custom Tables1415Editing Custom Workflows1415Deleting Custom Workflows1416Managing Users1417Understanding Cisco User Authentication1417Understanding Internal Authentication1419Understanding External Authentication1419Understanding User Privileges1420Managing Authentication Objects1421Understanding LDAP Authentication1421Setting Defaults1422Setting a Base DN1423Setting a Base Filter1423Selecting an Impersonation Account1423Encrypting Your LDAP 
Connection1423Setting the User Name Template1424Setting a Connection Timeout1424Using Attributes to Manage Access1424Using Group Membership to Manage Access1425Setting up Shell Access1425Testing the Connection1425Preparing to Create an LDAP Authentication Object1426Quick Start to LDAP Authentication1427Tuning Your LDAP Authentication Connection1429Creating Advanced LDAP Authentication Objects1430Identifying the LDAP Authentication Server1432Configuring LDAP-Specific Parameters1433Configuring Access Settings by Group1437Configuring Administrative Shell Access1438Testing User Authentication1439LDAP Authentication Object Examples1440Example: Basic LDAP Configuration1440Example: Advanced LDAP Configuration1442Editing LDAP Authentication Objects1445Understanding RADIUS Authentication1445Creating RADIUS Authentication Objects1446Configuring RADIUS Connection Settings1447Configuring RADIUS User Roles1448Configuring Administrative Shell Access1450Defining Custom RADIUS Attributes1450Testing User Authentication1451RADIUS Authentication Object Examples1452Authenticating a User Using RADIUS1452Authenticating a User with Custom Attributes1453Editing RADIUS Authentication Objects1456Deleting Authentication Objects1456Managing User Accounts1457Viewing User Accounts1457Adding New User Accounts1458Managing Command Line Access1459Managing Externally Authenticated User Accounts1461Managing User Login Settings1461Configuring User Roles1463Managing Predefined User Roles1463Managing Custom User Roles1465Creating a Custom Copy of a Predefined User Role1467Deleting a Custom User Role1467Modifying User Privileges and Options1468Understanding Restricted User Access Properties1469Modifying User Passwords1469Deleting User Accounts1470User Account Privileges1470Overview Menu1470Analysis Menu1471Policies Menu1474Devices Menu1475Object Manager1476FireAMP1476Health Menu1476System Menu1477Help Menu1478Managing User Role Escalation1478Configuring the Escalation Target Role1478Configuring a Custom 
User Role for Escalation1479Escalating Your User Role1480Configuring Single Sign-on from Cisco Security Manager1480Scheduling Tasks1483Configuring a Recurring Task1484Automating Backup Jobs1485Automating Certificate Revocation List Downloads1486Automating Nmap Scans1487Preparing Your System for an Nmap Scan1487Scheduling an Nmap Scan1487Automating Applying an Intrusion Policy1488Automating Reports1490Automating Geolocation Database Updates1491Automating FireSIGHT Recommendations1492Automating Software Updates1493Automating Software Downloads1494Automating Software Pushes1495Automating Software Installs1496Automating Vulnerability Database Updates1497Automating VDB Update Downloads1498Automating VDB Update Installs1498Automating URL Filtering Updates1499Viewing Tasks1501Using the Calendar1501Using the Task List1501Editing Scheduled Tasks1502Deleting Scheduled Tasks1503Deleting a Recurring Task1503Deleting a One-Time Task1503Managing System Policies1505Creating a System Policy1506Editing a System Policy1507Applying a System Policy1508Comparing System Policies1508Using the System Policy Comparison View1509Using the System Policy Comparison Report1510Deleting System Policies1511Configuring a System Policy1511Configuring Access Control Policy Preferences1512Configuring the Access List for Your Appliance1512Configuring Audit Log Settings1514Configuring Authentication Profiles1515Configuring Dashboard Settings1517Configuring Database Event Limits1518Configuring DNS Cache Properties1520Configuring a Mail Relay Host and Notification Address1521Configuring Intrusion Policy Preferences1522Specifying a Different Language1523Adding a Custom Login Banner1524Configuring SNMP Polling1525Enabling STIG Compliance1526Synchronizing Time1527Serving Time from the Defense Center1529Configuring User Interface Settings1530Mapping Vulnerabilities for Servers1531Configuring Appliance Settings1533Viewing and Modifying the Appliance Information1534Using Custom HTTPS Certificates1535Viewing the 
Current HTTPS Server Certificate1535Generating a Server Certificate Request1536Uploading Server Certificates1537Configuring User Certificates1538Enabling Access to the Database1539Configuring Network Settings1540Editing Management Interface Configurations1542Shutting Down and Restarting the System1543Setting the Time Manually1544Managing Remote Storage1546Using Local Storage1546Using NFS for Remote Storage1547Using SSH for Remote Storage1548Using SMB for Remote Storage1549Understanding Change Reconciliation1550Managing Remote Console Access1552Configuring Remote Console Settings on the Appliance1552Enabling Lights-Out Management User Access1553Using a Serial Over LAN Connection1554Using Lights-Out Management1556Enabling Cloud Communications1557Licensing the FireSIGHT System1561Understanding Licensing1561License Types and Restrictions1562FireSIGHT1563RNA Host and RUA User1564Protection1564Control1565URL Filtering1566Malware1566VPN1567Licensing High Availability Pairs1567Licensing Stacked and Clustered Devices1568Licensing Series 2 Appliances1568Understanding FireSIGHT Host and User License Limits1568Understanding the FireSIGHT Host Limit1569Understanding the FireSIGHT User Limit1570Understanding the Access-Controlled User Limit1570Viewing Your Licenses1571Adding a License to the Defense Center1571Deleting a License1572Changing a Device’s Licensed Capabilities1573Updating System Software1575Understanding Update Types1575Performing Software Updates1576Planning for the Update1577Understanding the Update Process1577Updating a Defense Center1580Updating Managed Devices1582Monitoring the Status of Major Updates1584Uninstalling Software Updates1585Updating the Vulnerability Database1587Importing Rule Updates and Local Rule Files1588Using One-Time Rule Updates1589Using Manual One-Time Rule Updates1590Using Automatic One-Time Rule Updates1591Using Recurring Rule Updates1592Importing Local Rule Files1593Viewing the Rule Update Log1595Understanding the Rule Update Log 
Table1596Viewing Rule Update Import Log Details1596Understanding the Rule Update Import Log Detailed View1597Searching the Rule Update Import Log1598Updating the Geolocation Database1600Monitoring the System1603Viewing Host Statistics1603Monitoring System Status and Disk Space Usage1605Viewing System Process Status1606Understanding Running Processes1608Understanding System Daemons1608Understanding Executables and System Utilities1610Using Health Monitoring1613Understanding Health Monitoring1613Understanding Health Policies1615Understanding Health Modules1615Understanding Health Monitoring Configuration1618Configuring Health Policies1618Understanding the Default Health Policy1619Creating Health Policies1620Configuring Policy Run Time Intervals1622Configuring Advanced Malware Protection Monitoring1622Configuring Appliance Heartbeat Monitoring1623Configuring Automatic Application Bypass Monitoring1623Configuring CPU Usage Monitoring1624Configuring Card Reset Monitoring1625Configuring Discovery Event Status Monitoring1625Configuring Disk Status Monitoring1626Configuring Disk Usage Monitoring1627Configuring FireAMP Status Monitoring1628Configuring FireSIGHT Host Usage Monitoring1628Configuring Hardware Alarm Monitoring1629Configuring Health Status Monitoring1630Configuring Inline Link Mismatch Alarm Monitoring1631Configuring Intrusion Event Rate Monitoring1631Understanding License Monitoring1632Configuring Link State Propagation Monitoring1632Configuring Memory Usage Monitoring1633Configuring Power Supply Monitoring1634Configuring Process Status Monitoring1634Configuring RRD Server Process Monitoring1635Configuring Security Intelligence Monitoring1636Configuring Time Series Data Monitoring1637Configuring Time Synchronization Monitoring1637Configuring Traffic Status Monitoring1638Configuring URL Filtering Monitoring1638Configuring User Agent Status Monitoring1639Configuring VPN Status Monitoring1640Applying Health Policies1640Editing Health Policies1641Comparing Health 
Policies1643Using the Health Policy Comparison View1644Using the Health Policy Comparison Report1644Deleting Health Policies1646Using the Health Monitor Blacklist1646Blacklisting Health Policies or Appliances1647Blacklisting an Appliance1648Blacklisting a Health Policy Module1648Configuring Health Monitor Alerts1649Creating Health Monitor Alerts1649Interpreting Health Monitor Alerts1650Editing Health Monitor Alerts1651Deleting Health Monitor Alerts1651Using the Health Monitor1652Interpreting Health Monitor Status1652Using Appliance Health Monitors1653Viewing Alerts by Status1654Running All Modules for an Appliance1654Running a Specific Health Module1655Generating Health Module Alert Graphs1656Using the Health Monitor to Troubleshoot1657Generating Appliance Troubleshooting Files1657Downloading Troubleshooting Files1658Working with Health Events1658Understanding Health Event Views1659Viewing Health Events1659Viewing All Health Events1659Viewing Health Events by Module and Appliance1660Working with the Health Events Table View1661Interpreting Hardware Alert Details for 3D9900 Devices1662Interpreting Hardware Alert Details for Series 3 Devices1663Understanding the Health Events Table1664Searching for Health Events1665Auditing the System1669Managing Audit Records1669Viewing Audit Records1670Working with Audit Events1671Suppressing Audit Records1672Understanding the Audit Log Table1675Using the Audit Log to Examine Changes1675Searching Audit Records1676Viewing the System Log1678Filtering System Log Messages1678Using Backup and Restore1681Creating Backup Files1682Creating Backup Profiles1683Backing up Your Managed Devices with a Defense Center1684Uploading Backups from a Local Host1685Restoring the Appliance from a Backup File1686Specifying User Preferences1689Changing Your Password1689Changing an Expired Password1690Specifying Your Home Page1690Configuring Event View Settings1691Event Preferences1691File Preferences1692Default Time Windows1693Default Workflows1694Setting 
Your Default Time Zone1695Specifying Your Default Dashboard1695Importing and Exporting Configurations1697Exporting Configurations1697Importing Configurations1700Purging Discovery Data from the Database1705Viewing the Status of Long-Running Tasks1707Viewing the Task Queue1707Managing the Task Queue1708Command Line Reference1711Basic CLI Commands1712configure password1712end1712exit1713help1713history1713logout1714? (question mark)1714?? (double question marks)1714Show Commands1715access-control-config1716alarms1717arp-tables1717audit-log1717bypass1717clustering1718config1718clustering ha-statistics1718cpu1718database1719processes1720slow-query-log1720device-settings1720disk1720disk-manager1721dns1721expert1721fan-status1722fastpath-rules1722gui1722hostname1723hosts1723hyperthreading1723inline-sets1723interfaces1724ifconfig1724lcd1724link-state1725log-ips-connection1725managers1725memory1726model1726mpls-depth1726NAT1726active-dynamic1727active-static1727allocators1727config1727dynamic-rules1727flows1728static-rules1728netstat1728network1728network-modules1729ntp1729perfstats1729portstats1730power-supply-status1730process-tree1730processes1730route1731routing-table1731serial-number1731stacking1732summary1732time1732traffic-statistics1733user1733users1734version1734virtual-routers1735virtual-switches1735VPN1735config1735config by virtual router1736status1736status by virtual router1736counters1736counters by virtual router1736Configuration Commands1737clustering1737bypass1737gui1738lcd1738log-ips-connections1738manager1739add1739delete1739mpls-depth1739network1740dns searchdomains1740dns servers1740hostname1740http-proxy1741http-proxy-disable1741ipv4 delete1741ipv4 dhcp1741ipv4 manual1742ipv6 delete1742ipv6 dhcp1742ipv6 router1742ipv6 manual1743management-port1743password1743stacking disable1743user1744add1744aging1745delete1745disable1745enable1745forcereset1745maxfailedlogins1746password1746strengthcheck1746unlock1746System 
Commands1747access-control1747archive1747clear-rule-counts1747rollback1748disable-http-user-cert1748file1748copy1748delete1749list1749secure-copy1749generate-troubleshoot1749ldapsearch1750lockdown-sensor1750nat rollback1750reboot1751restart1751shutdown1751Security, Internet Access, and Communication Ports1753Internet Access Requirements1753Communication Ports Requirements1754Third-Party Products1759End User License Agreement1761Limited Warranty1764DISCLAIMER OF WARRANTY1765Glossary1769Index1807. Size: 10 MB. Pages: 1844. Language: English.
Brochure. Table of contents:
Supported Platforms and Compatibility (p. 1)
Supported Platforms (p. 2)
Compatibility Between Management Platforms and Managed Devices (p. 3)
New Features (p. 5)
New Features (p. 5)
Enhanced Threat Blocking (p. 6)
Improved Network Visibility and Control (p. 6)
Improved Threat Defense Against Advanced Persistent Threats (p. 7)
Enhanced Management Capabilities (p. 7)
Changed Functionality (p. 8)
Updated Terminology (p. 8)
Updated Documentation (p. 8)
Before You Begin: Important Update and Compatibility Notes (p. 9)
Configuration and Event Backup Guidelines (p. 9)
Breaking Firepower Management Center High Availability Pairs Before Upgrading (p. 10)
Firepower Management Center Memory Updates for the MC750, MC1500, and Virtual Management Centers (p. 10)
Updating Management Center HTTPS Certificates to Version 6.0 (p. 10)
Traffic Flow and Inspection During the Update (p. 11)
Audit Logging During the Update (p. 12)
Time and Disk Space Requirements for the Version 6.0 Update (p. 12)
FirePower Version Requirements for the Version 6.0 Update (p. 13)
Web Browser and Screen Resolution Compatibility for Version 6.0 (p. 13)
Product Compatibility Integrated with Version 6.0 (p. 14)
Installing the Update (p. 14)
Updating Firepower Management Centers (p. 15)
Updating Managed Devices and ASA FirePOWER Modules (p. 17)
Updating the Firepower Management Center (p. 18)
Resolved Issues (p. 19)
Known Issues (p. 25)
For Assistance (p. 29)
Size: 2 MB. Pages: 30. Language: Korean.
Brochure. Table of contents:
Changed Functionality (p. 2)
Updates to Sourcefire Documentation (p. 2)
Before You Begin: Important Update and Compatibility Notes (p. 3)
Configuration and Event Backup Guidelines (p. 3)
Traffic Flow and Inspection During the Update (p. 3)
Traffic Inspection and Link State (p. 3)
Switching and Routing (p. 4)
Product Compatibility (p. 4)
Web Browser Compatibility (p. 4)
Screen Resolution Compatibility (p. 5)
Updating Your Appliances (p. 5)
Planning the Update (p. 5)
Sourcefire 3D System Version Requirements (p. 5)
Operating System Requirements (p. 5)
Time and Disk Space Requirements (p. 6)
Configuration and Event Backup Guidelines (p. 6)
When to Perform the Update (p. 7)
Installation Method (p. 7)
Order of Installation (p. 7)
Installing the Update on Paired Defense Centers (p. 7)
Installing the Update on Clustered Devices (p. 7)
Installing the Update on Stacked Devices (p. 7)
Installing the Update on X-Series Devices (p. 7)
After the Installation (p. 8)
Updating a Defense Center (p. 8)
Updating Managed Devices and Sourcefire Software for X-Series (p. 10)
Using the Shell to Perform the Update (p. 12)
Uninstalling the Update (p. 13)
Planning the Uninstallation (p. 13)
Uninstallation Method (p. 13)
Order of Uninstallation (p. 14)
Uninstalling the Update from Clustered or Paired Appliances (p. 14)
Uninstalling the Update from Stacked Devices (p. 14)
Uninstalling the Update from Devices Deployed Inline (p. 14)
Uninstalling the Update from Sourcefire Software for X-Series (p. 14)
After the Uninstallation (p. 14)
Uninstalling the Update from a Managed Device (p. 15)
Uninstalling the Update from a Virtual Managed Device (p. 16)
Uninstalling the Update from Sourcefire Software for X-Series (p. 16)
Uninstalling the Update from a Defense Center (p. 17)
Issues Resolved in Version 5.3.0.1 (p. 18)
Issues Resolved in Previous Updates (p. 20)
Version 5.3 (p. 20)
Known Issues (p. 23)
Known Issues Reported in Previous Releases (p. 25)
Features Introduced in Previous Versions (p. 27)
5.3 (p. 27)
File Capture and Storage (p. 27)
Dynamic Analysis, Threat Scores, and Summary Reports (p. 28)
Custom Detection (p. 28)
Spero Engine (p. 28)
SMB File Detection (p. 29)
AMP Cloud Connections (p. 29)
Host and Event Correlation Indications of Compromise (IOC) Tags (p. 29)
Enhanced Security Intelligence Event Storage and Views (p. 29)
Simplified Intrusion Policy Variable Management (p. 30)
Geolocation and Access Control (p. 30)
URL Filtering License Changes (p. 30)
Series 3 FirePOWER 8300 Series Devices (p. 30)
Dedicated AMP Appliances (p. 30)
Disk Manager Improvements (p. 31)
Malware Storage Pack (p. 31)
Sourcefire Software for X-Series (p. 31)
Virtual Appliance Initial Setup Improvements (p. 31)
Changed Functionality (p. 32)
For Assistance (p. 33)
Legal Notices (p. 33)
Size: 400 KB. Pages: 34. Language: Chinese.
ProspectoTabla de contenidos目录3Sourcefire 3D 系统简介9Sourcefire 3D 系统设备10防御中心10受管设备10了解设备系列、型号和功能112 系列设备113 系列设备11虚拟设备125.3 版本随附设备12按设备型号列出的支持的功能133 系列设备机箱名称157000 系列机箱名称158000 系列机箱名称16Sourcefire 3D 系统组件16授予 Sourcefire 3D 系统许可证19使用旧版 RNA 主机和 RUA 用户许可证21安全、互联网访问和通信端口22互联网访问要求22打开通信端口要求24预配置设备25了解部署26了解部署选项27了解接口27被动接口27内联接口28交换接口29路由接口29混合接口30将设备连接至网络30使用集线器31使用 SPAN 端口31使用网络分路器31在铜缆端口接口上进行内联部署布线31特殊情况34连接 8000 系列设备34更改远程控制台34部署选项34使用虚拟交换机进行部署34使用虚拟路由器进行部署36使用混合接口进行部署37部署网关 VPN38使用基于策略的 NAT 进行部署39使用访问控制进行部署39在防火墙内部40在 DMZ 上41在内部网络上42在核心网络上42在远程或移动网络上43使用多端口受管设备43复杂的网络部署46集成 VPN46检测其他入口点上的入侵47在多站点环境中进行部署49在复杂的网络中集成受管设备50与代理服务器和 NAT 集成51与负载平衡方法集成51其他检测注意事项51安装 Sourcefire 3D 系统设备52附件53安全注意事项53识别管理接口53Sourcefire 防御中心 75054Sourcefire 防御中心 150054Sourcefire 防御中心 350054Sourcefire 7000 系列55Sourcefire 8000 系列55识别感应接口56Sourcefire 7000 系列563D7010、3D7030 和 3D7030573D7110 和 3D7120573D7115、3D7125 和 AMP715059Sourcefire 8000 系列608000 系列模块618000 系列堆栈模块65使用堆栈配置中的设备66连接 3D814067连接 82xx 系列和 83xx 系列67具有一台辅助设备的 3D8250 或 3D8350 主设备683D8260 或 3D8360 主设备以及一台辅助设备693D8270 或 3D8370 主设备 (40G) 和两台辅助设备693D8290 或 3D8390 主设备 (40G) 和三台辅助设备70使用 8000 系列堆栈电缆71管理堆栈设备71在机架中安装设备72重定向控制台输出74测试内联旁路接口安装75设置Sourcefire 3D 系统设备77了解设置过程78设置 3 系列防御中心79设置 3 系列设备80使用脚本配置网络设置80使用 CLI 在 3 系列设备上执行初始设置81使用 CLI 将 3 系列设备注册至防御中心83初始设置页面:设备84更改密码85网络配置853 系列设备 LCD 面板配置86远程管理86时间设置87检测模式87自动备份89最终用户许可协议89初始设置页面:防御中心89更改密码91网络配置91时间设置92重复规则更新导入92重复地理定位更新93自动备份93许可设置93设备注册95最终用户许可协议96后续步骤96使用 3 系列设备上的 LCD 面板98了解 LCD 面板组件99使用 LCD 多功能键100空闲显示模式101网络配置模式101允许使用 LCD 面板重新进行网络配置103系统状态模式104信息模式106错误警报模式107硬件规格108机架和机柜安装选项108Sourcefire 防御中心108Sourcefire DC750109DC750 机箱前视图109DC750 机箱后视图112DC750 物理和环境参数113Sourcefire DC1500115DC1500 机箱前视图115DC1500 机箱后视图117DC1500 物理和环境参数119Sourcefire DC3500120DC3500 机箱前视图120DC3500 机箱后视图122DC3500 物理和环境参数125Sourcefire 7000 系列设备126Sourcefire 3D7010、3D7020 和 3D703012670xx 系列前视图127感应接口12970xx 系列后视图13170xx 系列物理和环境参数132Sourcefire 3D7110 和 3D71201333D7110 和 3D7120 机箱前视图1333D7110 和 3D7120 感应接口1363D7110 和 3D7120 
机箱后视图1383D7110 和 3D7120 物理和环境参数140Sourcefire 3D7115、3D7125 和 AMP71501413D7115、3D7125 和 AMP7150 机箱前视图1423D7115、3D7125 和 AMP7150 感应接口144SFP 接口1453D7115、3D7125 和 AMP7150 机箱后视图1473D7115、3D7125 和 AMP7150 物理和环境参数149Sourcefire 8000 系列设备1518000 系列机箱前视图1528000 系列机箱可以属于 81xx 系列、82xx 系列或 83xx 系列。15281xx 系列机箱前视图15282xx 系列和 83xx 系列机箱前视图1528000 系列前面板1538000 系列机箱后视图15581xx 系列机箱后视图15582xx 系列机箱后视图15683xx 系列机箱后视图1568000 系列物理和环境参数1598000 系列模块163四端口 1000BASE-T 铜缆可配置旁路网络模块164四端口 1000BASE-SX 光纤可配置旁路网络模块165双端口 10GBASE(MMSR 或 SMLR)光纤可配置旁路网络模块167双端口 40GBASE-SR4 光纤可配置旁路网络模块169四端口 1000BASE-T 铜缆非旁路网络模块171四端口 1000BASE-SX 光纤非旁路网络模块172四端口 10GBASE(MMSR 或 SMLR)光纤非旁路网络模块173堆栈模块175将 Sourcefire 设备恢复至出厂默 认设置176准备工作177配置和事件备份指南177恢复过程中的流量177了解恢复过程177获取恢复 ISO 和更新文件179开始恢复过程180使用 KVM 或物理串行启动恢复实用程序181使用无人值守管理启动恢复实用程序182使用交互式菜单恢复设备183识别设备的管理接口185指定 ISO 映像位置和传输方法186在恢复期间更新系统软件和入侵规则187下载 ISO 和更新文件并加载映像188调用恢复过程188保存和加载恢复配置191使用 CD 恢复 DC1000 或 DC3000192后续步骤193擦除硬盘驱动器的内容193设置无人值守管理194启用 LOM 和 LOM 用户195安装 IPMI 实用程序197安全和认证信息198一般安全准则198安全警告声明199监管信息202Sourcefire防御中心 750、1500 和 3500 信息202安全标准202认证/注册/声明203Sourcefire 3D500 信息204美国联邦通信委员会 (FCC) 声明204加拿大工业部 A 类辐射合规性声明204Avis de conformité à la réglementation d'Industrie Canada204澳大利亚和新西兰 A 类声明204英国电信安全要求205欧盟 EMC 指令符合性声明205Sourcefire 3 系列信息205安全和合规性20670xx 系列设备20671xx 系列和 8000 系列设备安全和合规性207机箱和网络模块名称2087000 系列机箱名称2088000 系列机箱名称209韩国网络模块名称211安全通告211适用于韩国的安全通告211适用于日本的安全通告211适用于中国台湾的安全通告211废弃电气电子设备指令 (WEEE)212设备Sourcefire电源要求213警告和注意事项213接口连接213静电控制21470xx 系列设备214安装214电压214电流214频率范围214电源线215接地要求215连接位置:215推荐的端子215地线要求21571xx 系列设备216安装216独立电路安装216同一电路安装216电压216电流217频率范围217电源线217接地要求217连接位置217推荐的端子217地线要求21781xx 系列设备218交流电安装218独立电路安装218同一电路安装219交流电压219交流电流219频率范围219电源线219直流安装219独立电路安装220同一电路安装220直流电压220直流电流220接地基准220推荐的端子220断路器要求220最低电线规格要求221接地要求221连接位置221推荐的端子221地线要求221直流电源22282xx 系列设备222交流电安装222独立电路安装223同一电路安装223交流电压223交流电流223频率范围223电源线223直流安装223独立电路安装224同一电路安装224直流电压224直流电流224接地基准224推荐的端子224断路器要求225最低电线规格要求225接地要求225连接位置225推荐的端子226地线要求226直流电源22683xx 
系列设备226交流电安装227独立电路安装227同一电路安装227交流电压227交流电流227频率范围227电源线228直流安装228独立电路安装228同一电路安装228直流电压228直流电流229接地基准229推荐的端子229断路器要求229最低电线规格要求229接地要求229连接位置229推荐的端子230地线要求230直流电源230在 3D7115、3D7125 和 AMP7150 设 备中使用 SFP 收发器2313D7115、3D7125 和 AMP7150 SFP 插槽及收发器231插入 SFP 收发器233移除 SFP 收发器233插入或拆除 8000 系列模块2348000 系列设备上的模块插槽23481xx 系列235堆栈配置考虑因素23582xx 系列和 83xx 系列235堆栈配置考虑因素235附件236识别模块部件237准备工作237卸下模块或插槽盖238插入模块或插槽盖239预配置 Sourcefire 设备242准备工作243必需的预配置信息243可选预配置信息243预配置时间管理244安装系统244注册设备244准备装运设备245从防御中心删除设备245删除许可证防御中心246关闭设备电源246装运注意事项246设备预配置故障排除247术语表248Tamaño: 10 MBPáginas: 260Language: 中文(zhōngwén)Manuales abiertas
ProspectoTabla de contenidosFireSIGHT 系统简介9FireSIGHT 系统设备92 系列设备113 系列设备11虚拟设备11X 系列专用 Sourcefire 软件12具备 FirePOWER 服务的思科 ASA 防火墙12随 5.3.1 版本一起交付的设备13不同防御中心型号支持的功能14不同受管设备型号所支持的功能153 系列设备机箱名称167000 系列机箱名称168000 系列机箱名称17FireSIGHT 系统组件17许可 FireSIGHT 系统19使用旧版的 RNA 主机和 RUA 用户许可证21安全性、互联网接入和通信端口22互联网访问要求22通信端口要求23预配置设备25了解部署27了解部署选项27了解接口28被动接口28内联接口28交换接口29路由接口30混合接口30将设备与网络连接31使用集线器31使用 SPAN 端口31使用网络分路器31铜接口上的内联部署布线32特殊情况33连接8000 系列设备33更改远程控制台33部署选项33使用虚拟交换机进行部署34使用虚拟路由器进行部署35使用混合接口进行部署36部署网关 VPN37使用基于策略的 NAT 进行部署37使用访问控制进行部署38在防火墙内部39在 DMZ 上39在内部网络上40在核心网络上40在远程或移动网络上41使用多端口受管设备42复杂的网络部署44与 VPN 集成44检测其他入口点上的入侵45在多站点环境中进行部署46在复杂的网络中集成受管设备48与代理服务器和 NAT 集成48与负载平衡方法集成49其他检测注意事项49安装 FireSIGHT 系统设备51附件51安全注意事项52识别管理接口52FireSIGHT 防御中心 75052FireSIGHT 防御中心 150052FireSIGHT 防御中心 350053FireSIGHT 7000 系列53FireSIGHT 8000 系列53识别感应接口54FirePOWER 7000 系列543D7010、3D7020 和 3D7030543D7110 和 3D7120553D7115、3D7125 和 AMP715056FirePOWER 8000 系列578000 系列模块598000 系列堆叠模块62在堆叠配置中使用设备63连接 3D814063连接 82xx 子系列和 83xx 子系列643D8250 或 3D8350 主设备和一个辅助设备643D8260 或 3D8360 主设备和一个辅助设备653D8270 或 3D8370 主设备 (40G) 和两个辅助设备653D8290 或 3D8390 主设备 (40G) 和三个辅助设备65使用 8000 系列堆叠电缆66管理堆叠设备67在机架中安装设备67重定向控制台输出69测试内联旁路接口的安装70设置 FireSIGHT 系统设备73了解设置流程74设置 3 系列防御中心75设置 3 系列设备75使用脚本配置网络设置76使用 CLI 在 3 系列设备上进行初始设置77使用 CLI 将 3 系列设备注册至防御中心78初始设置页面:设备79更改密码80网络设置803 系列设备 LCD 面板配置80远程管理80时间设置80检测模式81自动备份82最终用户许可协议82初始设置页面:防御中心82更改密码83网络设置83时间设置84重复规则更新导入84重复地理位置更新84自动备份84许可证设置84设备注册85最终用户许可协议86后续步骤86使用 3 系列设备上的 LCD 面板89了解 LCD 面板组件89使用 LCD 多功能键90空闲显示模式91网络配置模式92允许使用 LCD 面板进行网络配置93系统状态模式94信息模式95错误警报模式96硬件规格99机架和机柜安装选项99防御中心99DC75099DC750 机箱前视图100DC750 机箱后视图102DC750 物理和环境参数103DC1500103DC1500 机箱前视图103DC1500 机箱后视图106DC1500 物理和环境参数107DC3500107DC3500 机箱前视图107DC3500 机箱后视图110DC3500 物理和环境参数1117000 系列设备1123D7010、3D7020 和 3D703011270xx 子系列前视图11270xx 子系列后视图11570xx 子系列物理和环境参数1163D7110 和 3D71201163D7110 和 3D7120 机箱前视图1173D7110 和 3D7120 机箱后视图1213D7110 和 3D7120 物理和环境参数1223D7115、3D7125 和 AMP71501233D7115、3D7125 和 AMP7150 机箱前视图1233D7115、3D7125 和 
AMP7150 机箱后视图1283D7115、3D7125 和 AMP7150 物理和环境参数1298000 系列设备1308000 系列机箱前视图1318000 系列机箱可以放在 81xx 子系列、82xx 子系列或者 83xx 子系列中。13181xx 子系列机箱前视图13182xx 子系列和 83xx 子系列机箱前视图1318000 系列机箱后视图13481xx 子系列机箱后视图13482xx 子系列机箱后视图13583xx 子系列机箱后视图1358000 系列物理和环境参数1368000 系列模块140四端口 1000BASE-T 铜可配置旁路网络模块140四端口 1000BASE-SX 光纤可配置旁路网络模块141双端口 10GBASE(MMSR 或 SMLR)光纤可配置旁路网络模块142双端口 40GBASE-SR4 光纤可配置旁路网络模块144四端口 1000BASE-T 铜可配置旁路网络模块145四端口 1000BASE-SX 光纤可配置旁路网络模块146四端口 10GBASE(MMSR 或 SMLR)光纤非旁路网络模块147堆叠模块148还原 FireSIGHT 系统设备为出厂默认设置149准备工作149配置和事件备份指南149还原流程中的流量150了解还原流程150获取还原 ISO 和更新文件151开始还原流程152使用 KVM 或物理串行端口启动还原实用程序153使用无人值守管理启动还原实用程序154使用交互式菜单还原设备155识别设备的管理接口157指定 ISO 映像位置和传输方法157在还原流程中更新系统软件和入侵规则159下载 ISO 和更新文件并安装映像159调用还原流程160保存和加载还原配置162使用 CD 还原 DC1000 或 DC3000163后续步骤164设置无人值守管理164启用 LOM 和 LOM 用户165安装 IPMI 实用程序166FirePOWER 设备电源要求167警告和注意事项167静电控制16770xx 子系列设备168安装168电压168电流168频率范围168电源线168接地要求169连接位置169推荐端子169地线要求16971xx 子系列设备169安装170不同电路分开安装170相同电路安装170电压170电流170频率范围170电源线170接地要求171连接位置171推荐端子171地线要求17181xx 子系列设备171交流安装172不同电路分开安装172相同电路安装172交流电压172交流电流172频率范围172电源线172直流安装173不同电路分开安装173相同电路安装173直流电压173直流电流173接地基准173推荐端子174断路器要求174最低线号要求174接地要求174连接位置174推荐端子174地线要求175直流电供电线17582xx 子系列设备175交流安装175不同电路分开安装176相同电路安装176交流电压176交流电流176频率范围176电源线176直流安装176不同电路分开安装177相同电路安装177直流电压177直流电流177接地基准177推荐端子177断路器要求177最低线号要求178接地要求178连接位置178推荐端子178地线要求178直流电供电线17883xx 子系列设备179交流安装179不同电路分开安装179相同电路安装179交流电压179交流电流180频率范围180电源线180直流安装180不同电路分开安装180相同电路安装180直流电压180直流电流181接地基准181推荐端子181断路器要求181最低线号要求181接地要求181连接位置181推荐端子182地线要求182直流电供电线182在 3D71x5 和 AMP7150 设备中使用 SFP 收发器1833D71x5 和 AMP7150 SFP 插槽和收发器183插入 SFP 收发器184移除 SFP 收发器185插入和拆卸 8000 系列模块1878000 系列设备上的模块插槽18781xx 子系列188堆叠配置注意事项18882xx 子系列和 83xx 子系列188堆叠配置注意事项188随附项目189识别模块零件190准备工作190拆卸模块或插槽盖191插入模块或插槽盖192清理硬盘驱动器195清理硬盘驱动器的内容195预配置 FireSIGHT 系统设备197准备工作197预配置所需信息198预配置可选信息198预配置时间管理198安装系统199注册设备199准备装运设备199从防御中心删除设备200从防御中心删除许可证200关闭设备201关于装运的注意事项201设备预配置故障排除201词汇表203Tamaño: 9 MBPáginas: 218Language: 中文(zhōngwén)Manuales abiertas
Brochure. Table of contents:
New and Updated Features and Functionality (p. 2)
Advanced Malware Protection Features (p. 3)
File Capture and Storage (p. 3)
Dynamic Analysis, Threat Scores, and Summary Reports (p. 3)
Custom Detection (p. 3)
Spero Engine (p. 4)
SMB File Detection (p. 4)
AMP Cloud Connections (p. 4)
Next-Generation Intrusion Prevention (NGIPS) Features (p. 5)
Host and Event Correlation Indications of Compromise (IOC) Tags (p. 5)
Enhanced Security Intelligence Event Storage and Views (p. 5)
Simplified Intrusion Policy Variable Management (p. 5)
Next-Generation Firewall (NGFW) Features (p. 6)
Geolocation and Access Control (p. 6)
URL Filtering License Changes (p. 6)
FirePOWER Device Features (p. 6)
8300 Subseries of Series 3 FirePOWER Devices (p. 6)
Dedicated AMP Appliances (p. 6)
Disk Manager Improvements (p. 7)
Malware Storage Pack (p. 7)
Platform Support Features (p. 7)
Sourcefire Software for X-Series (p. 7)
Virtual Appliance Initial Setup Improvements (p. 7)
Changed Functionality (p. 8)
Updates to Sourcefire Documentation (p. 9)
Before You Begin: Important Update and Compatibility Notes (p. 10)
Configuration and Event Backup Guidelines (p. 10)
Traffic Flow and Inspection During the Update (p. 10)
Traffic Inspection and Link State (p. 11)
Switching and Routing (p. 11)
Audit Logging During the Update (p. 11)
Product Compatibility (p. 11)
Web Browser Compatibility (p. 12)
Screen Resolution Compatibility (p. 12)
Reverting to the Previous Version (p. 12)
Updating Your Appliances (p. 12)
Planning the Update (p. 13)
Sourcefire 3D System Version Requirements (p. 13)
Operating System Requirements (p. 13)
Time and Disk Space Requirements (p. 14)
Configuration and Event Backup Guidelines (p. 14)
When to Perform the Update (p. 14)
Installation Method (p. 15)
Order of Installation (p. 15)
Installing the Update on Paired Defense Centers (p. 15)
Installing the Update on Clustered Devices (p. 15)
Installing the Update on Stacked Devices (p. 15)
X-Series Devices (p. 15)
After the Installation (p. 15)
Updating a Defense Center (p. 16)
Updating Managed Devices (p. 18)
Using the Shell to Perform the Update (p. 20)
Issues Resolved in Version 5.3 (p. 21)
Known Issues (p. 24)
For Assistance (p. 27)
Legal Notices (p. 28)
Size: 400 KB. Pages: 28. Language: Chinese.
Guía Del UsuarioTabla de contenidos目录3思科 FireSIGHT 系统简介43受管设备简介432 系列和 3 系列 受管设备4464 位虚拟受管设备45适用于 Blue Coat X 系列的 Cisco NGIPS45具备 FirePOWER 服务的 Cisco ASA 防火墙45按受管设备型号汇总受支持功能46防御中心简介48按防御中心型号汇总受支持功能495.4.1 版 随附的防御中心和设备50FireSIGHT 系统组件52冗余和资源共享52网络流量管理53FireSIGHT53访问控制53SSL 检查54入侵检测和防御54高级恶意软件防护和文件控制54可为网络服务、协调和服务管理功能体现出网络价值的55文档资源56文档体例56许可证约定57受支持设备和防御中心约定57访问约定58IP 地址约定58登录 FireSIGHT 系统61登录设备61注销设备64使用上下文菜单64管理可重用对象67使用对象管理器68将对象分组68浏览、排序和过滤对象69使用网络对象70使用安全情报列表和源70使用全局白名单和黑名单72使用情报源73使用自定义安全情报源74手动更新安全情报源75使用自定义安全情报列表75更新安全情报列表76使用端口对象76使用 VLAN 标记对象78使用 URL 对象78使用应用过滤器79使用变量集81优化预定义默认变量82了解变量集84管理变量集85管理变量87添加和编辑变量88使用网络变量91使用端口变量92重置变量93将变量集链接到入侵策略94了解高级变量94使用文件列表95将多个 SHA-256 值上传到文件列表96将单个文件上传到文件列表97将 SHA-256 值添加到文件列表98修改文件列表中的文件98从文件列表下载源文件99使用安全区域100使用密码套件列表101使用可分辨名称对象102使用 PKI 对象103使用内部证书颁发机构对象104导入 CA 证书和私有密钥105生成新的 CA 证书和私有密钥105获取和上传新的签名证书106下载 CA 证书和私有密钥107使用可信证书颁发机构对象108添加可信 CA 对象108将证书撤销列表添加到可信 CA 对象109使用外部证书对象110使用内部证书对象111使用地理定位对象112管理设备113管理概念113防御中心可以管理哪些内容?114除策略和事件以外的其他功能114使用冗余防御中心115了解管理接口115使用单一管理接口116使用多个管理接口116使用流量信道117使用网络路由118在 NAT 环境中工作118配置高可用性119使用高可用性120共享配置121运行状况和系统策略121关联响应122许可证122URL 过滤和安全情报122云连接和恶意软件信息123用户代理123实施高可用性的准则123设置高可用性124监控和更改高可用性状态125禁用高可用性和注销设备126暂停成对防御中心之间的通信127重新启动成对防御中心之间的通信127处理设备128了解 Device Management 页面128配置远程管理129编辑远程管理130更改管理端口131将设备添加到防御中心132对设备应用更改134使用设备管理修订比较报告134删除设备135管理设备组135添加设备组136编辑设备组136删除设备组137集群设备137建立设备集群139编辑设备集群141配置集群中的单个设备141配置集群中的单个设备堆栈142在集群设备上配置接口143在集群中切换活动对等体143使集群设备进入维护模式144替换集群堆栈中的设备144建立集群状态共享145对集群状态共享进行故障排除146分隔集群设备149管理堆叠设备149建立设备堆栈151编辑设备堆栈152配置堆栈中的单台设备153在堆叠设备上配置接口153分隔堆叠设备154编辑设备配置154编辑常规设备设置155启用和禁用设备许可证156编辑设备系统设置157查看设备的运行状况158编辑设备管理设置158了解高级设备设置159自动应用旁路159编辑高级设备设置160配置快速路径规则161添加 IPv4 快速路径规则161添加 IPv6 快速路径规则162删除快速路径规则164配置感应接口164配置高可用性链路接口167配置感应接口 MTU168管理具备 FirePOWER 服务的 Cisco ASA 防火墙接口168禁用接口169防止连接日志记录重复170设置 IPS 设备171了解被动 IPS 部署171配置被动接口171了解内联 IPS 部署172配置内联接口173配置内联集174查看内联集175添加内联集175配置高级内联集选项177删除配置为失效开放的光纤内联集的旁路模式179删除内联集179为 Blue Coat X 系列接口配置思科 
NGIPS180设置虚拟交换机181配置交换接口181配置物理交换接口182添加逻辑交换接口183删除逻辑交换接口184配置虚拟交换机184查看虚拟交换机185添加虚拟交换机185配置高级虚拟交换机设置186删除虚拟交换机188设置虚拟路由器189配置路由接口189配置物理路由接口190添加逻辑路由接口192删除逻辑路由接口194配置 SFRP194配置虚拟路由器195查看虚拟路由器196添加虚拟路由器196设置 DHCP 中继198设置 DHCPv4 中继198设置 DHCPv6 中继199设置静态路由199了解静态路由表视图200添加静态路由200设置动态路由201设置 RIP 配置202为 RIP 配置添加接口202配置 RIP 配置的身份验证设置203配置 RIP 配置的高级设置204添加 RIP 配置的导入过滤条件205添加 RIP 配置的导出过滤条件206设置 OSPF 配置207设置 OSPF 路由区域207添加 OSPF 区域207添加 OSPF 区域接口208添加 OSPF 区域虚拟链路211添加 OSPF 配置的导入过滤条件212添加 OSPF 配置的导出过滤条件213设置虚拟路由器过滤条件214添加虚拟路由器身份验证配置文件216查看虚拟路由器统计数据217删除虚拟路由器217设置汇聚接口219配置 LAG219指定负载均衡算法220指定链路选择策略221配置 LACP222添加汇聚交换接口222添加汇聚路由接口224添加逻辑汇聚接口227查看汇聚接口统计数据228删除汇聚接口229设置混合接口231添加逻辑混合接口231删除逻辑混合接口233使用网关 VPN235了解 IPSec235了解 IKE236了解 VPN 部署236了解点对点 VPN 部署236了解星型 VPN 部署236了解网格 VPN 部署237管理 VPN 部署238配置 VPN 部署239配置点对点 VPN 部署239配置星型 VPN 部署241配置网格 VPN 部署243配置高级 VPN 部署设置245应用 VPN 部署247查看 VPN 部署状态247查看 VPN 统计数据和日志248使用 VPN 部署对比视图250使用 NAT 策略251规划和实施 NAT 策略252配置 NAT 策略252管理 NAT 策略目标253在 NAT 策略中整理规则255处理 NAT 规则警告和错误256管理 NAT 策略257创建 NAT 策略257编辑 NAT 策略258复制 NAT 策略259查看 NAT 策略报告259比较两个 NAT 策略260使用 NAT 策略比较视图261使用 NAT 策略比较报告261应用 NAT 策略262应用完整的 NAT 策略263应用选定的策略配置263创建和编辑 NAT 规则264了解的 NAT 规则类型265了解 NAT 规则条件和条件机制267了解 NAT 规则条件268向 NAT 规则添加条件268搜索 NAT 规则条件列表270向 NAT 规则添加文字条件270在 NAT 规则条件中使用对象271处理 NAT 规则中不同类型的条件271向 NAT 规则添加区域条件271将源网络条件添加到动态 NAT 规则273将目标网络条件添加到 NAT 规则274向 NAT 规则添加端口条件275访问控制策略入门279访问控制许可证和角色要求280访问控制的许可证和型号要求280使用自定义用户角色管理部署281创建基本访问控制策略282设置对网络流量的默认处理和检查284为访问控制策略设置目标设备286管理访问控制策略287编辑访问控制策略288了解过期策略警告290应用访问控制策略291应用完整的策略293应用所选策略配置293IPS 或仅发现性能注意事项295优化仅网络发现部署295在没有发现的情况下执行入侵检测和防御296对访问控制策略和规则进行故障排除296简化规则以提高性能297了解规则取代和无效配置警告298将规则排序以提高和避免取代299生成当前访问控制设置报告299比较访问控制策略300使用访问控制策略比较视图301使用访问控制策略比较报告301使用安全情报 IP 地址信誉实施黑名单303选择安全情报战略304建立安全情报白名单和黑名单305搜索添加至白名单或黑名单的对象307创建添加至白名单或黑名单的对象307使用访问控制规则调整流量309创建和编辑访问控制规则310指定规则的评估顺序312使用条件指定规则处理的流量313使用规则操作确定流量处理和检查314Monitor 操作:延迟操作并确保日志记录315Trust 操作:未经检查通过流量315阻止操作:未经检查阻止流量315交互式阻止操作:允许用户绕过网站拦截316Allow 操作:允许和检查流量317借助 3 
系列设备信任或阻止流量的限制318将注释添加到规则中319管理策略中的访问控制规则319搜索访问控制规则321按受影响设备显示规则321启用和禁用规则322更改规则的位置或类别322移动规则322添加新的规则类别323使用基于网络的规则控制流量325通过安全区域控制流量326按网络或地理位置控制流量327控制 VLAN 流量329通过端口和 ICMP 代码控制流量330使用基于信誉的规则控制流量333控制应用流量334将流量与应用过滤器相匹配335匹配来自单独应用的流量336向访问控制规则中添加应用条件337对应用控制的限制338阻止 URL339执行基于信誉的 URL 阻止340执行手动 URL 阻止342对 URL 检测和阻止的限制344允许用户绕过 URL 阻止345为被阻止网站设置用户旁路超时346显示被阻止 URL 的自定义网页347按照用户控制流量349向访问控制规则添加用户条件350检索访问受控用户和 LDAP 用户元数据352连接 LDAP 服务器以实现用户感知和控制352按需更新用户控制参数356暂停与 LDAP 服务器的通信356使用用户代理报告 Active Directory 登录情况357使用入侵和文件策略控制流量359检查允许的流量中是否存在入侵和恶意软件360了解文件和入侵检查顺序361配置访问控制规则执行 AMP 或文件控制363配置访问控制规则以执行入侵防御363调整的入侵防御性能365限制入侵模式匹配365覆盖入侵规则的正则表达式限制366限制每个数据包生成的入侵事件数367配置数据包和入侵规则延迟阈值368了解数据包延迟阈值设置369配置数据包延迟阈值设置 370了解规则延迟阈值371配置规则延迟阈值373配置入侵性能统计数据日志记录374调整文件和恶意软件检查性能和存储375了解流量解密379SSL 检查要求380部署支持 SSL 检查的设备380确定 SSL 检查必需的许可证380使用自定义用户角色管理您的 SSL 检查部署381收集配置 SSL 规则的必备信息382分析 SSL 检查设备部署382示例:在被动部署中解密流量383在被动部署中监控已加密的流量384不解密被动部署中的已加密流量385在被动部署中使用私钥检查已加密的流量385示例:在内联部署中解密流量387在内联部署中监控已加密的流量388在内联部署中允许特定用户的已加密流量389在内联部署中阻止已加密的流量390在内联部署中使用私钥检查已加密的流量390在内联部署中使用重签证书检查特定用户的已加密流量392SSL 策略使用入门395创建基本 SSL 策略396为已加密流量设置默认处理和检查397为无法解密的流量设置默认处理398编辑 SSL 策略400使用访问控制应用解密设置402生成当前流量解密设置的报告403比较 SSL 策略404使用 SSL 策略比较视图404使用 SSL 策略比较报告405SSL 规则入门407配置支持检查信息409了解和创建 SSL 规则410指定 SSL 规则的评估顺序411使用条件指定规则处理的加密流量412使用规则操作确定加密流量处理和检查413Monitor 操作:延迟操作并确保日志记录414不解密操作:通过加密流量而不检查414阻止操作:阻止加密流量而不检查414解密操作:解密流量以进一步检查415管理策略中的 SSL 规则416搜索 SSL 规则417启用和禁用 SSL 规则418更改 SSL 规则的位置或类别418移动 SSL 规则419添加新 SSL 规则类别419对 SSL 规则进行故障排除420了解 SSL 规则警告和错误421了解规则争抢和无效配置警告421对 SSL 规则进行排序以提高性能和避免争抢422配置 SSL 检查以提高性能423使用 SSL 规则调整流量解密425使用基于网络的条件控制加密流量425按网络区域控制加密流量426按网络或地理位置控制加密流量427控制加密 VLAN 流量429按端口控制加密流量430根据用户控制加密流量431按信誉控制加密流量432根据应用控制加密流量433将加密流量与应用过滤器相匹配434匹配来自单个应用的流量435向 SSL 规则中添加应用条件436对加密应用控制的限制437按 URL 类别和信誉控制加密流量437执行基于信誉的 URL 阻止438对 URL 
检测和阻止的限制440根据加密属性控制流量440按证书可分辨名称控制加密流量441按证书控制加密流量443按证书状态控制加密流量444信任外部证书颁发机构444按证书状态匹配流量445按密码套件控制加密流量448按加密协议版本控制流量449了解网络分析和入侵策略451了解策略如何检查流量是否存在入侵452解码、规范化和预处理:网络分析策略453访问控制规则:入侵策略选择454入侵检查:入侵策略、规则和变量集455生成入侵事件456比较系统提供的策略与自定义策略456了解系统提供的策略457自定义策略的优点458自定义网络分析策略的优点458自定义入侵策略的优点459自定义策略的局限性460使用导航面板462解决冲突和提交策略更改463在网络分析或入侵策略中使用层465了解层堆栈465了解基本层466了解系统提供的基本策略467了解自定义基本策略467更改基本策略467允许规则更新修改系统提供的基本策略468了解 FireSIGHT 建议层469管理层470添加层471更改层的名称和说明471移动、复制和删除层472合并层473在策略之间共享层473在层中配置入侵规则475移除多层规则设置476接受来自自定义基本策略的规则更改477配置层中的预处理程序和高级设置478自定义流量预处理481设置用于访问控制的默认入侵策略481使用网络分析策略自定义预处理482为访问控制设置默认网络分析策略483指定要使用网络分析规则进行预处理的流量484按每个区域预处理流量485按每个网络预处理流量486按 VLAN 预处理流量487管理网络分析规则488网络分析策略使用入门489创建自定义网络分析策略490管理网络分析策略491编辑网络分析策略491允许预处理器影响内联部署中的流量492在网络分析策略中配置预处理器493生成当前网络分析设置的报告495比较两个网络分析策略或版本496使用网络分析策略比较视图497使用网络分析策略比较报告497使用应用层预处理器499解码 DCE/RPC 流量500选择全局 DCE/RPC 选项501了解基于目标的 DCE/RPC 服务器策略502了解 DCE/RPC 传输502了解无连接和面向连接 DCE/RPC 流量503了解 RPC over HTTP 传输504选择 DCE/RPC 基于目标的策略选项505配置 DCE/RPC 预处理器508检测 DNS 域称服务器响应中的漏洞511了解 DNS 预处理器资源记录检查511检测 RData 文本字段中的溢出尝试512检测过时的 DNS 资源记录类型512检测试验性 DNS 资源记录类型513配置 DNS 预处理器513解码 FTP 和 Telnet 流量514了解 FTP 和 Telnet 全局选项514配置 FTP/Telnet 全局选项515了解 Telnet 选项516配置 Telnet 选项516了解服务器级别 FTP 选项517创建 FTP 命令参数验证语句519配置服务器级别 FTP 选项520了解客户端级别 FTP 选项522配置客户端级别 FTP 选项523解码 HTTP 流量524选择全局 HTTP 规范化选项525配置全局 HTTP 配置选项526选择服务器级别 HTTP 规范化选项526选择服务器级别的 HTTP 规范化编码选项533配置 HTTP 服务器选项535启用其他 HTTP 检查预处理器规则536使用 Sun RPC 预处理器537配置 Sun RPC 预处理器538解码会话发起协议538选择 SIP 预处理器选项539配置 SIP 预处理器541启用其他 SIP 预处理器规则541配置 GTP 命令通道542解码 IMAP 流量543选择 IMAP 预处理器选项544配置 IMAP 预处理器545启用其他 IMAP 预处理器规则546解码 POP 流量546选择 POP 预处理器选项546配置 POP 预处理器547启用其他 POP 预处理器规则548解码 SMTP 流量549了解 SMTP 解码549配置 SMTP 解码552启用 SMTP 最大解码内存警报555使用 SSH 预处理器检测攻击555选择 SSH 预处理器选项556配置 SSH 预处理器558使用 SSL 预处理器558了解 SSL 预处理559启用 SSL 预处理器规则559配置 SSL 预处理器560配置 SCADA 预处理563配置 Modbus 预处理器563配置 DNP3 预处理器565配置传输和网络层预处理567配置高级传输/网络设置567忽略 VLAN 报头568使用入侵丢弃规则启动活动响应569故障排除:记录会话终止消息570验证校验和571规范化内联流量572对 IP 数据包进行分片重组576了解 IP 
分片漏洞577基于目标的分片重组策略577选择分片重组选项578配置 IP 分片重组579了解数据包解码580配置数据包解码583使用 TCP 数据流预处理584了解与状态相关的 TCP 漏洞584选择 TCP 全局选项585了解基于目标的 TCP 策略585选择 TCP 策略选项586重组 TCP 数据流589了解基于数据流的攻击589选择数据流重组选项589配置 TCP 数据流预处理591使用 UDP 数据流预处理594配置 UDP 数据流预处理594调整被动部署中的预处理597了解自适应配置文件597通过预处理器使用自适应配置文件598自适应配置文件和 FireSIGHT 建议规则598配置自适应配置文件599入侵策略入门601创建自定义入侵策略602管理入侵策略603编辑入侵策略604在内联部署中设置丢弃行为605在入侵策略中配置高级设置606应用入侵策略607生成当前入侵设置的报告608比较两个入侵策略或版本609使用入侵策略比较视图609使用入侵策略比较报告610使用规则调整入侵策略611了解入侵防御规则类型612查看入侵策略中的规则612对规则的显示排序614查看规则详细信息614为规则设置阈值616为规则设置抑制616为规则设置动态规则状态617为规则设置 SNMP 告警618为规则添加规则注释618过滤入侵策略中的规则619了解入侵策略中的规则过滤619构造入侵策略规则过滤器的指导原则619了解规则配置过滤器621了解规则内容过滤器624了解规则类别625直接编辑规则过滤器625在入侵策略中设置规则过滤器626设置规则状态628按策略过滤入侵事件通知630配置事件阈值630了解事件阈值630添加和修改入侵事件阈值631查看和删除入侵事件阈值633按入侵策略配置抑制634抑制入侵事件634查看和删除抑制条件635添加动态规则状态636了解动态规则状态636设置动态规则状态637添加 SNMP 告警639添加规则注释640为您的网络资产定制入侵防御643了解基本规则状态建议644了解高级规则状态建议644了解要检查的网络644了解规则开销645使用 FireSIGHT 建议645检测特定威胁649检测 Back Orifice649检测端口扫描650配置端口扫描检测652了解端口扫描事件654防御基于速率的攻击656了解基于速率的攻击防御656防御 SYN 攻击658控制同步连接658基于速率的攻击防御及其他过滤器659基于速率的攻击防御和检测过滤659动态规则状态和阈值或抑制660策略范围基于速率的检测和阈值或抑制661使用多种过滤方法进行基于速率的检测662配置基于速率的攻击防御663检测敏感数据665部署敏感数据检测665选择全局敏感数据检测选项666选择具体数据类型选项666使用预定义数据类型667配置敏感数据检测668选择要监控的应用协议670特殊情况:检测 FTP 流量中的敏感数据671使用自定义数据类型671定义自定义数据类型的数据模式672配置自定义数据类型674编辑自定义数据类型名称和检测模式675从全局限制入侵事件记录677了解阈值677了解阈值选项678配置全局阈值679禁用全局阈值680了解和编写入侵规则681了解规则结构682了解规则报头683指定规则操作684指定协议684在入侵规则中指定 IP 地址685指定 IP 地址686指定多个 IP 地址686指定网络对象687在入侵规则中排除 IP 地址687在入侵规则中定义端口688指定方向689了解规则中的关键字和参数689定义入侵事件详细信息690定义事件消息690定义事件优先级691定义入侵事件分类691定义事件参考693搜索内容匹配694使用 content 关键字694使用 protected_content 关键字694配置内容匹配695限制内容匹配696Case Insensitive696Hash Type697Raw Data697非698搜索位置选项699在 content 关键字中使用搜索位置选项700在 protected_content 关键字中使用搜索位置选项701HTTP 内容选项701Use Fast Pattern Matcher704替换内联部署中的内容707使用 Byte_Jump 和 Byte_Test708byte_jump708byte_test710使用 PCRE 搜索内容712有关兼容 Perl 的正则表达式的基础知识713PCRE 修饰符选项714PCRE 关键字值示例716向规则添加元数据718检查 IP 报头值721检查分片和保留位722检查 IP 报头标别值722识别指定的 IP 选项722识别指定的 IP 协议号723检查数据包的服务类型723检查数据包的生存时间值723检查 
ICMP 报头值724识别静态 ICMP ID 和序列值724检查 ICMP 消息类型724检查 ICMP 消息代码725检查 TCP 报头值和数据流大小725检查 TCP 确认值725检查 TCP 标志组合726将规则应用于 TCP 或 UDP 客户端或服务器流量727识别静态 TCP 序列号728识别给定大小的 TCP 窗口728识别给定大小的 TCP 数据流728启用和禁用 TCP 数据流重组729从会话提取 SSL 信息730ssl_state730ssl_version731检查应用层协议值731RPC731ASN.1732urilen733DCE/RPC 关键字734dce_iface735dce_opnum736dce_stub_data736SIP 关键字736sip_header737sip_body737sip_method737sip_stat_code738GTP 关键字738gtp_version738gtp_type739gtp_info743Modbus 关键字748modbus_data748modbus_func749modbus_unit750DNP3 关键字750dnp3_data750dnp3_func750dnp3_ind752dnp3_obj753检查数据包特征753dsize753isdataat754sameip754fragoffset754cvs755将数据包数据读取到关键字参数中755使用规则关键字发起活动响应757按类型和方向发起主动响应758在 TCP 重置之前发送 HTML 页面759设置活动响应重置尝试次数和界面760过滤事件760评估攻击后流量761检测跨越多个数据包的攻击762生成关于 HTTP 编码类型和位置的事件767检测文件类型和版本768file_type769file_group769指向特定负载类型770指向数据包负载的开头771解码和检查 Base64 数据772base64_decode772base64_data773构建规则773编写新规则773修改现有规则775向规则添加注释776删除自定义规则777搜索规则778过滤 Rule Editor 页面上的规则779在规则过滤器中使用关键字780在规则过滤器中使用字符串781在规则过滤器中结合使用关键字和字符串781过滤规则781阻止恶意软件和禁止的文件783了解恶意软件防护和文件控制784配置恶意软件防护和文件控制787根据恶意软件防护和文件控制记录事件787集成 FireAMP 与 FireSIGHT 系统788基于网络的 AMP 与基于终端的 FireAMP789了解和创建文件策略790创建文件策略796使用文件规则797配置高级文件策略常规选项799配置存档文件检查选项800查看存档文件的内容801比较两个文件策略802为 FireAMP 处理云连接803创建思科云连接804删除或禁用云连接805与 FireAMP 私有云协作的806记录网络流量中的连接809决定要记录哪些连接810记录关键连接810记录连接的开始或结束事件811将连接事件记录到防御中心或外部服务器中812了解访问控制和 SSL 规则操作如何影响日志记录813了解受监控连接的记录813了解受信任连接的记录814了解受阻和交互式受阻连接的记录814了解受允许连接的记录815为允许的连接禁用文件和恶意软件事件日志记录815连接记录的许可证和型号要求816记录安全情报(黑名单)决策817记录已加密连接819记录可用 SSL 规则解密的连接819为已加密和不可解密连接设置默认日志记录820根据访问控制处理记录连接821记录与访问控制规则相匹配的连接821记录访问控制默认操作处理的连接823记录在连接中检测到的 URL824使用连接与安全情报数据827了解连接和安全情报数据828了解连接摘要828长期运行连接829源于外部响应方的组合连接摘要829了解连接和安全情报数据字段829连接和安全情报事件中的可用信息835查看连接和安全情报数据838使用连接图839更改图形类型840选择数据集843查看有关汇总连接数据的信息845在工作流程页面上操作连接图846深入研究连接数据图846重定曲线图的中心点和缩放847选择数据进行绘图848分离连接图849导出连接数据849使用连接和安全情报数据表850使用监控规则相关的事件851查看连接中检测到的文件852查看与连接有关的入侵事件852查看与加密连接相关的证书853搜索连接和安全情报数据853查看 Connection Summary 页面859分析恶意软件和文件活动861使用文件存储862了解捕获文件存储863将存储的文件下载至另一位置863使用动态分析864了解 Spero 
分析865提交文件进行动态分析865审查威胁评分和动态分析总结865使用文件事件866查看文件事件867了解文件事件表868搜索文件事件871使用恶意软件事件874查看恶意软件事件876了解恶意软件事件表877恶意软件事件类型881搜索恶意软件事件882使用捕获的文件885查看捕获的文件886了解捕获的文件表887搜索捕获文件888使用网络文件轨迹890审核网络文件轨迹891访问网络文件轨迹891分析网络文件轨迹892概要信息892轨迹映射894事件表897处理入侵事件899查看入侵事件统计信息900主机统计信息901事件概述901事件统计信息901查看入侵事件性能902生成入侵事件性能统计信息图表902查看入侵事件图表905查看入侵事件905了解入侵事件906查看与入侵事件相关的连接数据911审核入侵事件912了解入侵事件的工作流程页面913使用下钻式页面和表视图页面914使用数据包视图917查看事件信息918使用数据包视图操作921在数据包视图内设置阈值选项922在数据包视图中设置抑制选项923查看帧信息924查看数据链路层信息925查看网络层信息925查看 IPv4 网络层信息926查看 IPv6 网络层信息927查看传输层信息927TCP 数据包视图928UDP 数据包视图929ICMP 数据包视图929查看信息包字节信息930使用影响级别评估事件930解读预处理器事件931了解预处理器事件数据包显示932解读预处理器生成器 ID932搜索入侵事件934使用剪贴板940生成剪贴板报告941从剪贴板删除事件941事故处理943事故处理基本信息943事故的定义943常规事故处理流程944FireSIGHT 系统中的事故类型946创建事故946编辑事故947生成事故报告947创建定制事故类型948配置外部警报951使用警报响应952创建邮件警报响应953创建 SNMP 警报响应953创建系统日志警报响应954修改警报响应956删除警报响应957启用和禁用警报响应957配置影响标志警报957配置发现事件警报958配置高级恶意软件防护警报958配置入侵规则的外部警报961使用 SNMP 响应961配置 SNMP 响应963使用系统日志响应964配置系统日志响应965了解邮件警报966配置邮件警报967网络发现简介969了解发现数据收集969了解主机数据收集970了解用户数据收集971托管设备972用户代理973防御中心-LDAP 服务器连接974用户数据库974用户活动数据库975访问受控用户数据库975用户数据收集限制976了解应用检测977了解应用协议检测过程978通过客户端检测进行隐含应用协议检测979主机限制和发现事件日志记录979有关应用协议检测的特殊注意事项:Squid980特殊注意事项:SSL 应用检测980特殊注意事项:被推荐网络应用980导入第三方发现数据981发现数据的用途981了解 NetFlow982NetFlow 与 FireSIGHT 数据之间的差异982准备分析 NetFlow 数据984了解危害表现985了解危害表现类型985基于终端的恶意软件事件 IOC 类型985入侵事件 IOC 类型986安全情报事件 IOC 类型986查看和编辑危害表现数据987创建网络发现策略987使用发现规则988了解设备选择989了解操作和发现的资产989了解受监控网络989了解网络发现策略中的区域990了解端口排除990添加发现规则990创建网络对象992创建端口对象992限制用户日志记录993配置高级网络发现选项994配置常规设置995配置身份冲突解决995启用漏洞影响评估映射996设置危害表现规则997添加支持 NetFlow 的设备997配置数据存储998配置发现事件日志记录999添加身份源1000应用网络发现策略1000增强网络发现1003评估检测策略1003受管设备是否正确布置?1004未识别的操作系统是否拥有唯一的 TCP 堆栈?1004FireSIGHT 
系统能否识别所有应用?1005是否已应用可修复漏洞的修补程序?1005是否想要跟踪第三方漏洞?1005增强网络映射1005了解被动检测1005了解主动检测1006了解当前标识1006了解标识冲突1007使用自定义指纹技术1008设置客户端指纹1009指纹技术服务器1011管理指纹1013激活指纹1014停用指纹1014删除指纹1015编辑指纹1015编辑非活动指纹1015编辑活动指纹1016使用应用检测器1016创建用户定义的应用协议检测器1018提供基本的应用协议检测器信息1019创建用户定义的应用1020为应用协议检测器指定检测条件1021向应用协议检测器添加检测模式1021针对数据包捕获测试应用协议检测器1022管理检测器1023查看检测器详细信息1024对检测器列表进行排序1024过滤检测器列表1024导航至其他检测器页面1026激活和停用检测器1026修改应用检测器1027删除检测器1028导入主机输入数据1028启用第三方数据1029管理第三方产品映射1029映射第三方产品1029映射第三方产品修补程序1031映射第三方漏洞1032管理自定义产品映射1032创建自定义产品映射1033编辑自定义产品映射列表1034管理自定义产品映射激活状态1034配置主动扫描1035了解 Nmap 扫描1035了解 Nmap 补救1036创建 Nmap 扫描策略1038选择适当的扫描目标1038选择适当端口进行扫描1039设置主机发现选项1039样本 Nmap 扫描配置文件1039示例:解析未知操作系统1039示例:响应新主机1040设置 Nmap 扫描1041创建 Nmap 扫描实例1042创建 Nmap 扫描目标1042创建 Nmap 补救1044管理 Nmap 扫描1046管理 Nmap 扫描实例1046编辑 Nmap 扫描实例1047删除 Nmap 扫描实例1047管理 Nmap 补救1048编辑 Nmap 补救1048删除 Nmap 补救1048运行按需 Nmap 扫描1049管理扫描目标1050编辑扫描目标1050删除扫描目标1051处理主动扫描结果1051查看扫描结果1051了解扫描结果表1053分析扫描结果1053监控扫描1053导入扫描结果1054搜索扫描结果1055使用网络映射1057了解网络映射1057使用主机网络映射1058使用网络设备网络映射1059使用危害表现网络映射1060使用移动设备网络映射1061使用应用网络映射1061使用漏洞网络映射1062处理主机属性网络映射1064使用自定义网络拓扑1064创建自定义拓扑1065提供基本拓扑信息1066导入发现的拓扑1067从网络发现策略导入网络1067手动向自定义拓扑添加网络1068管理自定义拓扑1069使用主机配置文件1071查看主机配置文件1074使用主机配置文件中的基本主机信息1075使用主机配置文件中的 IP 地址1076使用主机配置文件中的危害表现1077编辑单台主机的危害表现规则状态1077查看危害表现源事件1078解决危害表现1079使用主机配置文件中的操作系统1079查看操作系统的标识1080编辑操作系统1081解决操作系统的标识冲突1082使用主机配置文件中的服务器1083服务器详细信息1084编辑服务器标识1086解决服务器标识冲突1086使用主机配置文件中的应用1087查看主机配置文件中的应用1087删除主机配置文件上的应用1088使用主机配置文件中的 VLAN 标签1089使用主机配置文件中的用户历史1089使用主机配置文件中的主机属性1089分配主机的属性值1090使用主机配置文件中的主机协议1090使用主机配置文件中的白名单违规1091从主机配置文件创建白名单主机配置文件1091使用主机配置文件中的恶意软件检测1092使用主机配置文件中的漏洞1093查看漏洞细节1094设置漏洞影响限定1095下载漏洞补丁1096设置单个主机的漏洞1096使用预先定义的主机属性1097使用用户定义的主机属性1097创建用户定义的主机属性1098创建整数主机属性1099创建列表主机属性1099编辑用户定义的主机属性1100删除用户定义的主机属性1101使用主机配置文件的扫描结果1101扫描主机配置文件中的主机1101使用发现事件1103查看发现事件统计数据1104统计摘要1104事件明细1105协议明细1106应用协议明细1106OS 明细1106查看发现性能 
图表1107了解发现事件工作流程1108使用发现和主机输入事件1109了解发现事件类型1110了解主机输入事件类型1113查看发现和主机输入事件1115了解发现事件表1116搜索发现事件1117使用主机1119查看主机1119了解主机表1120为所选主机创建流量量变曲线1122在所选主机上创建合规性白名单1123搜索主机1123使用主机属性1126查看主机属性1126了解主机属性表1127为所选主机设置主机属性1128搜索主机属性1128使用危害表现1130查看危害表现1130了解危害表现表1131搜索危害表现1132使用服务器1133查看服务器1134了解服务器表1134搜索服务器1136使用应用1138查看应用1138了解应用表1139搜索应用1140使用应用详情1141查看应用详情1142了解应用详情表1142搜索应用详情1144使用漏洞1145查看漏洞1146了解漏洞表1147停用漏洞1148搜索漏洞1148使用第三方漏洞1150查看第三方漏洞1150了解第三方漏洞表1151搜索第三方漏洞1152使用用户1154查看用户1155了解用户表1155了解用户详细信息和主机历史记录1157搜索用户1157使用用户活动1159查看用户活动事件1160了解用户活动表1160搜索用户活动1161配置关联策略和规则1165创建关联策略规则1166提供基本规则信息1168指定关联规则触发标准1168入侵事件语法1170恶意软件事件的语法1172发现事件的语法1173用户活动事件的语法1175主机输入事件的语法1176连接事件的语法1177流量量变曲线更改的语法1179添加主机配置文件限定条件1181用于主机配置文件限定条件的语法1182使用超时连接数据限制关联规则1183添加连接跟踪器1184连接跟踪器的语法1185连接跟踪器事件的语法1187示例:来自外部主机的其他连接1188示例:其他 BitTorrent 数据传输1190添加用户资格1193用户资格的语法1194添加暂停和非活动周期1194了解规则构建细节1195构建一个条件1197添加和连接条件1199在一个条件中使用多个值1202管理关联策略的规则1202修改规则1203删除规则1203创建规则组1203对关联响应进行分组1204创建响应组1204修改响应组1205删除响应组1205激活和停用响应组1206创建关联策略1206提供基本策略信息1207将规则和白名单添加至关联策略1208设置规则和白名单优先级1208将响应添加至规则和白名单1209管理关联策略1210激活和停用关联策略1211编辑关联策略1211删除关联策略1211使用关联事件1212查看关联事件1212了解关联事件表1214搜索关联事件1215将 FireSIGHT 系统用作一个合规工具1219了解合规白名单1220了解白名单的目标1221了解白名单主机配置文件1221了解全局主机配置文件1222了解特定操作系统的主机配置文件1222了解共享主机配置文件1222了解白名单评估1223了解白名单违规1223创建合规白名单1225调查网络1226提供白名单的基本信息1227配置合规白名单的目标1227修改现有目标1229删除现有目标1229配置合规白名单的主机配置文件1229配置全局主机配置文件1230创建特定操作系统的主机配置文件1230添加应用协议至主机配置文件1231添加客户端至主机配置文件1232添加网络应用至主机配置文件1233添加通信协议至主机配置文件1234添加共享主机配置文件至合规白名单1235修改现有的主机配置文件1235删除现有的主机配置文件1238管理合规白名单1238修改合规白名单1239删除合规白名单1239使用共享主机配置文件1239创建共享主机配置文件1240修改共享主机配置文件1241删除某个共享主机配置文件1243将内置主机配置文件重置为出厂默认设置1243处理白名单事件1244查看白名单事件1244了解白名单事件表1246搜索合规白名单事件1247处理白名单的违规事件1248查看白名单违规事件1249了解白名单违规事件表1250搜索白名单的违规事件1251创建流量量变曲线1253提供基本量变曲线信息1255指定流量量变曲线条件1255流量量变曲线条件的语法1256添加主机配置文件限定条件1257用于主机配置文件限定条件的语法1257设置量变曲线选项1259保存流量量变曲线1259激活和禁用流量量变曲线1260编辑流量量变曲线1260了解条件构建机制1261构建一个条件1262添加和连接条件1263在一个条件中使用多个值1266查看流量量变曲线1267配置补救1269创建补救1269为 Cisco IOS 路由器配置补救1271添加 Cisco IOS 实例1271Cisco 
IOS Block Destination 补救1272Cisco IOS Block Destination Network 补救1273Cisco IOS Block Source 补救1274Cisco IOS Block Source Network 补救1274配置 Cisco PIX 防火墙补救1275添加 Cisco PIX 实例1276Cisco PIX Block Destination 补救1277Cisco PIX Block Source 补救1278配置 Nmap 补救1278添加 Nmap 扫描实例1278Nmap 扫描补救1279配置设定的属性补救1282添加设定的属性值实例:1282设定的属性值补救1282处理补救状态事件1283查看补救状态事件1283处理补救状态事件1285了解补救状态表1285搜索补救状态事件1286使用控制面板1289了解控制面板构件1291了解构件可用性1292了解构件首选项1294了解预定义构件1294了解 Appliance Information 构件1295了解 Appliance Status 构件1296了解 Correlation Events 构件1296了解 Current interface Status 构件1297了解 Current Sessions 构件1298了解 Custom Analysis 构件1298配置 Custom Analysis 构件1301从 Custom Analysis 构件查看关联事件1309Custom Analysis 构件限制1310了解 Disk Usage 构件1310了解 Interface Traffic 构件1311了解 Intrusion Events 构件1312了解 Network Compliance 构件1314了解 Product Licensing 构件1315了解 Product Updates 构件1316了解 RSS Feed 构件1317了解 System Load 构件1317了解 System Time 构件1318了解 White List Events 构件1318使用控制面板1319创建自定义控制面板1320查看控制面板1321修改控制面板1323更改控制面板属性1323添加选项卡1324删除选项卡1324重命名选项卡1325添加构件1325重新排列构件1326最小化和最大化构件1326删除构件1326删除控制面板1327使用 Context Explorer1329了解 Context Explorer1330了解“流量和入侵事件计数时间”图形1331了解“危害表现”部分1331查看“按指示划分的主机”图形1332查看“按主机划分的指示”图形1332了解“网络信息”部分1333查看“操作系统”图形1333查看“按源 IP 划分的流量”图形1335查看“按源用户划分的流量”图形1336查看“按访问控制措施划分的连接”图形1337查看“按目标 IP 划分的流量”图形1338查看“按入口/出口安全区域划分的流量”图形1338了解“应用信息”部分1339查看“按风险/业务相关性和应用划分的流量”图形1340查看“按风险/业务相关性和应用划分的入侵事件”图形1341查看“按风险/业务相关性和应用划分的主机”图形1342查看“应用详细信息”列表1342了解“安全情报”部分1343查看“按类别划分的安全情报流量”图形1343查看“按源 IP 划分的安全情报流量”图形1344查看“按目标 IP 划分的安全情报流量”图形1345了解“入侵信息”部分1345查看“按影响划分的入侵事件”图形1346查看“主要攻击者”图形1347查看“主要用户”图形1348查看“按优先级划分的入侵事件”图形1349查看“主要目标”图形1350查看“主要入口/出口安全区域”图形1351查看“入侵事件详细信息”列表1351了解“文件信息”部分1352查看“主要文件类型”图形1353查看“主要文件名”图形1354查看“按性质划分的文件”图形1354查看“发送文件的主要主机”图形1356查看“接收文件的主要主机”图形1357查看“主要恶意软件检测”图形1358了解“地理定位信息”部分1358查看“按发起方/响应方国家/地区划分的连接”图形1359查看“按源/目标地国家/地区划分的入侵事件”图形1360查看“按发送/接收国家/地区划分的文件事件”图形1361了解“URL 信息”部分1361查看“按 URL 划分的流量”图形1362查看“按 URL 类别划分的流量”图形1363查看“按 URL 声誉划分的流量”图形1364刷新 Context Explorer1364设置 Context Explorer 
的时间范围1365Context Explorer 部分最小化和最大化1365向下钻取 Context Explorer 数据1366使用 Context Explorer 中的过滤器1367添加和应用过滤器1367用上下文菜单创建过滤器1370用书签标示过滤器1371使用报告1373了解报告模板1373创建和编辑报告模板1375新建报告模板1375创建模板外壳1375配置模板部分的内容1376设置 PDF 和 HTML 报告文档属性1377根据现有模板创建报告模板1377使用预定义报告模板1378从事件视图创建报告模板1380通过导入控制面板或工作流程创建报告模板1381编辑报告模板的各部分1383设置模板部分的表和数据格式。1383为模板部分指定搜索或过滤器。1384设置表格式部分中显示的搜索字段1385向报告模板添加文本部分1385向报告模板添加分页符1385设置模板及其部分的时间段1386重命名模板部分1387预览模板部分1387使用报告模板部分中的搜索1388使用输入参数1388预定义的输入参数1389用户定义的输入参数1389编辑报告模板中的文档属性1392自定义封面1393管理徽标1394添加新徽标1394更改报告模板的徽标1395删除徽标1395生成并查看报告1396使用报告生成选项1398使用计划程序生成报告1398生成时通过邮件分发报告1398为报告使用远程存储1399管理报告模板和报告文件1400导出和导入报告模板1400删除报告模板1401下载报告1402删除报告1402了解和使用工作流程1405工作流程的组件1405比较预定义和自定义工作流程1407比较预定义表和自定义表的工作流程1407预定义入侵事件工作流程1407预定义恶意软件工作流程1409预定义文件工作流程1410预定义捕获文件工作流程1410预定义连接数据工作流程1410预定义安全情报工作流程1411预定义主机工作流程1412预定义危害表现工作流程1412预定义应用工作流程1412预定义应用详情工作流程1413预定义服务器工作流程1413预定义主机属性工作流程1414预定义发现事件工作流程1414预定义用户工作流程1414预定义漏洞工作流程1414预定义第三方漏洞工作流程1415预定义相关性和白名单工作流程1415预定义系统工作流程1416已保存自定义工作流1416使用工作流程1417选择工作流程1418了解工作流程工具栏1419使用工作流程页面1420使用通用表视图或向下钻取页面功能1420使用地理定位1421使用表视图页面1423使用向下钻取页面1423使用主机视图、数据包视图或漏洞详细信息页面1423设置事件时间限制1423更改时间段1424更改事件类型的默认时间段1428暂停时间窗口1430限制事件1430使用复合限制1432对表视图页面进行排序并更改其布局1433对向下钻取工作流程页面进行排序1433选择工作流程页面上的行1434导航到工作流程中的其他页面1434在工作流程之间导航1435使用书签1436创建书签1437查看书签1437删除书签1437使用自定义工作流程1438创建自定义工作流程1438创建自定义连接数据工作流程1440查看自定义工作流程1441查看预定义表的自定义工作流程1441查看自定义表的自定义工作流程1442编辑自定义工作流程1442删除自定义工作流程1443使用自定义表1445了解自定义表1445了解可能的表组合1446创建自定义表1449修改自定义表1451删除自定义表1452根据自定义表查看工作流程1452搜索自定义表1453搜索事件1455执行和保存搜索1455执行搜索1456加载已保存的搜索1458删除已保存的搜索1458在搜索中使用通配符和符号1459在搜索中使用对象和应用过滤器1459在搜索中指定时间约束1459在搜索中指定 IP 地址1460在搜索中指定设备1460在搜索中指定端口1461停止长期查询1461管理用户1463了解思科用户身份验证1463了解内部身份验证1464了解外部身份验证1465了解用户权限1465管理身份验证对象1467LDAP 身份验证1467了解 LDAP 身份验证1467了解默认值1468了解基础 DN1468了解基本过滤器1468了解模拟帐户1469了解 LDAP 连接1469了解用户名模板1469了解连接超时1469了解用于管理访问的属性1469了解用于管理访问的组成员资格1470了解外壳访问1470了解通过 CAC 进行 LDAP 身份验证1471配置 CAC 身份验证和授权1471管理 CAC 身份验证和授权1472准备创建 LDAP 身份验证对象1473创建基本 LDAP 身份验证对象1473调整基本 LDAP 身份验证连接1476创建高级 LDAP 
身份验证对象1477识别 LDAP 身份验证服务器1478配置特定于 LDAP 的参数1479按组配置访问权限1483配置外壳访问1484测试用户身份验证1485LDAP 身份验证对象示例1486示例:基本 LDAP 配置1486示例:高级 LDAP 配置1487编辑 LDAP 身份验证对象1490RADIUS 身份验证1490了解 RADIUS 身份验证1491创建 RADIUS 身份验证对象1491配置 RADIUS 连接设置1492配置 RADIUS 用户角色1493配置管理外壳访问1494定义自定义 RADIUS 属性1495测试用户身份验证1496RADIUS 身份验证对象示例1496示例:使用 RADIUS 对用户进行身份验证1497示例:使用自定义属性对用户进行身份验证1499编辑 RADIUS 身份验证对象1501删除身份验证对象1501管理用户帐户1502查看用户帐户1502添加新用户帐户1503管理命令行访问1504管理外部身份验证用户帐户1505管理用户登录设置1506配置用户角色1507管理预定义用户角色1508管理自定义用户角色1510创建预定义用户角色的自定义副本1511删除自定义用户角色1512修改用户权限和选项1512了解受限用户访问属性1513修改用户密码1513删除用户帐户1514用户帐户权限1514Overview 菜单1514Analysis 菜单1515Policies 菜单1518Devices 菜单1519对象管理器1520FireAMP1520Health 菜单1520系统菜单1521Help 菜单1522管理用户角色升级1522配置升级目标角色1522为升级配置自定义用户角色1523升级用户角色1524配置从思科安全管理器单点登录1524安排任务1527配置周期性任务1528自动运行备份作业1529自动执行证书撤销列表下载1530自动运行 Nmap 扫描1531为 Nmap 扫描准备系统1531安排 Nmap 扫描1531自动应用入侵策略1532自动化生成报表1533自动运行地理定位数据库更新1534自动 FireSIGHT 生成建议1535自动执行软件更新1536自动下载软件1537自动推送软件1538自动安装软件1539自动更新漏洞数据库1540自动下载 VDB 更新1540自动安装 VDB 更新1541自动更新 URL 过滤1542查看任务1543使用日历1543使用任务列表1544编辑预定任务1545删除预定任务1545删除周期性任务1546删除一次性任务1546管理系统策略1547创建系统策略1548编辑系统策略1549应用系统策略1550比较系统策略1550使用系统策略比较视图1551使用系统策略比较报告1551删除系统策略1552配置系统策略1553配置访问控制策略首选项1553配置设备的访问列表1554配置审核日志1555启用外部身份验证1557配置控制面板设置1559配置控制面板事件限制1560配置 DNS 缓存属性1562配置邮件中继主机和通知地址1563配置网络分析策略首选项1564配置入侵策略首选项1565指定其他语言1566添加自定义登录横幅1566配置SNMP 轮询1567启用 STIG 合规性1568同步时间1570从防御中心提供时间1571配置用户界面设置1572映射服务器的漏洞1573配置设备设置1575查看和修改设备信息1576使用自定义 HTTPS 证书1577查看当前 HTTPS 服务器证书1577生成服务器证书签名请求1578上传服务器证书1579要求用户证书1579启用数据库访问1580配置管理接口1582了解管理接口选项1582接口1582路由1583共享设置1584LCD 面板1584代理1584编辑管理接口1584关闭并重新启动系统1585手动设置时间1586管理远程存储1588使用本地存储1588将 NFS 用于远程存储1589将 SSH 用于远程存储1589将 SMB 用于远程存储1590了解更改调节1592管理远程控制台访问1593配置设备上的远程控制台设置1594启用无人值守管理用户访问1595使用 LAN 上串行连接1596使用无人值守管理1597启用云通信1599启用 VMware 工具1601许可 FireSIGHT 系统1603了解许可1603许可证类型和限制1604FireSIGHT1605保护1605可控性1606URL 过滤1606恶意软件1607VPN1607许可高可用性对。1608许可堆栈和集群设备1608许可 2 系列设备1608了解 FireSIGHT 主机和用户许可证限制1608了解 FireSIGHT 主机限制1609了解 FireSIGHT 
用户限制1610了解访问受控用户限制1610查看您的许可证1610添加许可证至防御中心1611删除许可证1612更改设备的已许可功能1612更新系统软件1615了解更新类型1615进行软件更新1616制定更新计划1616了解更新过程1618更新 防御中心1620更新受管设备1622监控主要更新状态1623卸载软件更新1624更新漏洞数据库1626导入规则更新和本地规则文件1627使用一次性规则更新1628使用手动一次性规则更新1628使用自动一次性规则更新1629使用周期性规则更新1630导入本地规则文件1631查看规则更新日志1633了解规则更新日志表1634查看规则更新导入日志详细信息1634了解 Rule Update Import Log 详细视图1635搜索规则更新导入日志1636更新地理定位数据库1638监控系统1641查看主机统计信息1641监控系统状态和磁盘空间使用情况1643查看系统进程状态1644了解运行的进程1646了解系统后台守护程序1646了解可执行文件和系统实用程序1647使用运行状况监控1649了解运行状况监控1649了解运行状况策略1651了解运行状况模块1651了解运行状况监控配置1653配置运行状况策略1654了解默认运行状况策略1654创建运行状况策略1655配置策略运行时间间隔1657配置高级恶意软件防护监控1657配置设备心跳监控1658配置自动应用旁路监控1659配置 CPU 使用率监控1659配置卡重置监控1660配置磁盘状态监控1660配置磁盘使用率监控1661配置 FireAMP 状态监控1662配置 FireSIGHT 主机使用情况监控1663配置硬件告警监控1663配置运行状况监控1664配置内联链路不匹配告警监控1665配置接口状态监控1665配置入侵事件速率监控1666了解许可证监控1667配置链路状态传播监控1667配置内存使用率监控1667配置电源监控1668配置进程状态监控1669配置重新配置检测监控1670配置 RRD 服务器进程监控1670配置安全情报监控1671配置时序数据监控1672配置时间同步监控1672配置 URL 过滤监控1673配置用户代理状态监控1673配置 VPN 状态监控1674应用运行状况策略1674编辑运行状况策略1675比较运行状况策略1677使用运行状况策略比较视图1678使用运行状况策略比较报告1678删除运行状况策略1679使用运行状况监视器黑名单1680将运行状况策略或设备列入黑名单1681将设备列入黑名单1681将运行状况策略模块列入黑名单1682配置运行状况监视警报1683创建运行状况监视器警报1683解释运行状况监控器警报1684编辑运行状况监视器警报1684删除运行状况监视器警报1685使用运行状况监视器1685解释运行状况监视器状态1686使用设备运行状况监视器1686按状态查看警报1687运行设备的所有模块1688运行特定运行状况模块1688生成运行状况模块警报图形1689使用运行状况监视器进行故障排除1690生成设备故障排除文件1690下载故障排除文件1691处理运行状况事件1691了解运行状况事件视图1692查看运行状况事件1692查看所有运行状况事件1692按模块和设备查看运行状况事件1693处理运行状况事件表视图1694解释 3D9900 设备的硬件警报详细信息1695解释 3 系列设备的硬件警报详细信息1695了解运行状况事件表1697搜索运行状况事件1698审计系统1701管理审计记录1701查看审计记录1702使用审计事件1703屏蔽审计记录1704了解审计日志表1706使用审计日志检查更改1707搜索审计记录1708查看系统日志1709过滤系统日志消息1710使用备份和恢复1713创建备份文件1714创建备份配置文件1717从本地主机上传备份1718从备份文档恢复设备1719指定用户首选项1721更改密码1721更改过期密码1722指定主页1722配置事件查看设置1723事件首选项1723文件首选项1724默认时间段1725默认工作流程1726设置默认时区1726指定默认控制面板1727导入和导出配置1729导出配置1729导入配置1732从数据库清除发现数据1735查看长时间运行任务的状态1737查看任务队列1737管理任务队列1738命令行参考1739基本 CLI 命令1740configure password1740end1740exit1741帮助1741历史1741logout1742?(问号)1742??(double question 
marks)1742显示命令1743access-control-config1744alarms1745arp-tables1745audit-log1745bypass1745集群1746config1746clustering ha-statistics1746cpu1746database1747processes1748slow-query-log1748device-settings1748disk1748disk-manager1749dns1749expert1749fan-status1750fastpath-rules1750gui1750主机名1750主机1751hyperthreading1751inline-sets1751接口1752ifconfig1752lcd1752link-aggregation1753configuration1753statistics1753link-state1753log-ips-connection1754managers1754memory1754型号1754mpls-depth1755NAT1755active-dynamic1755active-static1755allocators1756config1756dynamic-rules1756flows1756static-rules1757netstat1757网络1757network-modules1757network-static-routes1758ntp1758perfstats1758portstats1759power-supply-status1759process-tree1759processes1759route1760routing-table1760serial-number1760ssl-policy-config1761堆叠1761小结1761时间1762traffic-statistics1762用户1762用户1763位置1763virtual-routers1764virtual-switches1764vmware-tools1764VPN1765config1765config by virtual router1765状态1765status by virtual router1766counters1766counters by virtual router1766配置命令1766集群1767bypass1767gui1767lcd1768log-ips-connections1768管理器1768add1768删除1769mpls-depth1769网络1769dns searchdomains1769dns servers1770主机名1770http-proxy1770http-proxy-disable1770ipv4 delete1771ipv4 dhcp1771ipv4 manual1771ipv6 delete1771ipv6 dhcp1771ipv6 router1772ipv6 manual1772management-interface disable1772management-interface disable-event-channel1772management-interface disable-management-channel1772management-interface enable1773management-interface enable-event-channel1773management-interface enable-management-channel1773management-interface tcpport1773management-port1774static-routes ipv4 add1774static-routes ipv4 delete1774static-routes ipv6 add1774static-routes ipv6 delete1775密码1775stacking 
disable (p. 1775)
user (p. 1776)
add (p. 1776)
aging (p. 1776)
delete (p. 1776)
disable (p. 1777)
enable (p. 1777)
forcereset (p. 1777)
maxfailedlogins (p. 1777)
password (p. 1778)
strengthcheck (p. 1778)
unlock (p. 1778)
vmware-tools (p. 1778)
System Commands (p. 1779)
access-control (p. 1779)
archive (p. 1779)
clear-rule-counts (p. 1780)
rollback (p. 1780)
disable-http-user-cert (p. 1780)
file (p. 1780)
copy (p. 1780)
delete (p. 1781)
list (p. 1781)
secure-copy (p. 1781)
generate-troubleshoot (p. 1781)
ldapsearch (p. 1782)
lockdown-sensor (p. 1782)
nat rollback (p. 1782)
reboot (p. 1783)
restart (p. 1783)
shutdown (p. 1783)
Security, Internet Access, and Communication Ports (p. 1785)
Internet Access Requirements (p. 1785)
Communication Port Requirements (p. 1786)
Third-Party Products (p. 1789)
Glossary (p. 1791)
Size: 20 MB. Pages: 1826. Language: Chinese (中文).
Guía De InstalaciónTabla de contenidosFireSIGHT 시스템 소개9FireSIGHT 시스템 어플라이언스10Series 2 어플라이언스11Series 3 어플라이언스12가상 어플라이언스12Sourcefire Software for X-Series12Cisco ASA with FirePOWER Services13버전 5.3.1에 제공되는 어플라이언스13방어 센터 모델에서 지원하는 기능15관리되는 기기 모델별 지원되는 기능16Series 3 기기 섀시 지정177000 Series 섀시 지정188000 Series 섀시 지정18FireSIGHT 시스템 구성 요소18FireSIGHT 시스템 라이센싱20레거시 RNA 호스트 및 RUA 사용자 라이센스 사용23보안, 인터넷 액세스, 통신 포트23인터넷 액세스 요구 사항24통신 포트 요구 사항25어플라이언스 사전 구성27구축 이해29구축 옵션 이해30인터페이스 이해30수동 인터페이스30인라인 인터페이스31스위칭된 인터페이스32라우팅된 인터페이스32하이브리드 인터페이스33기기를 네트워크에 연결33허브 사용33Span 포트 사용34네트워크 탭 사용34구리 인터페이스의 인라인 구축 케이블링34특수 사례368000 Series 기기 연결36원격 콘솔 변경36구축 옵션36가상 스위치로 구축37가상 라우터로 구축38하이브리드 인터페이스로 구축39게이트웨이 VPN 구축40정책 기반 NAT로 구축41액세스 제어로 구축41방화벽 내부42DMZ에서43내부 네트워크에서44코어 네트워크에서45원격 또는 모바일 네트워크에서45멀티포트 관리되는 기기 사용46복잡한 네트워크 구축48VPN 통합48다른 진입점의 침입 감지49멀티 사이트 환경에 구축50복잡한 네트워크 내 관리되는 기기 통합52프록시 서버 및 NAT와 통합52로드 밸런싱 방법과 통합53기타 감지 관련 고려 사항53FireSIGHT 시스템 어플라이언스 설치55기본 제공 품목55보안 고려 사항56관리 인터페이스 식별56FireSIGHT 방어 센터 75056FireSIGHT 방어 센터 150057FireSIGHT 방어 센터 350057FireSIGHT 7000 Series57FireSIGHT 8000 Series58센싱 인터페이스 식별58FirePOWER 7000 Series593D7010, 3D7020 , 3D7030593D7110 및 3D7120603D7115, 3D7125, AMP715061FirePOWER 8000 Series628000 Series 모듈638000 Series 스태킹 모듈67스태킹 컨피그레이션에서 기기 사용683D8140 연결6982xx 제품군 및 83xx 제품군 연결693D8250 또는 3D8350 기본 기기 및 보조 기기 1개703D8260 또는 3D8360 기본 기기 및 보조 기기 1개703D8270 또는 3D8370 기본 기기(40G) 및 보조 기기 2개713D8290 또는 3D8390 기본 기기(40G) 및 보조 기기 3개718000 Series 스태킹 케이블 사용72스태킹된 기기 관리73랙에 어플라이언스 설치73콘솔 출력 리디렉션76인라인 바이패스 인터페이스 설치 테스트77FireSIGHT 시스템 어플라이언스 설정79설정 프로세스 이해80Series 3 방어 센터 설정81Series 3 기기 설정82스크립트를 사용하여 네트워크 설정 구성82CLI를 사용하여 Series 3 기기에서 초기 설정 수행83CLI를 사용하여 Series 3 기기를 방어 센터에 등록85초기 설정 페이지: 기기86비밀번호 변경87네트워크 설정87Series 3 기기 LCD 패널 컨피그레이션87원격 관리87시간 설정88감지 모드88자동 백업89최종사용자 라이센스 계약89초기 설정 페이지: 방어 센터89비밀번호 변경91네트워크 설정91시간 설정91반복 규칙 업데이트 가져오기91반복 위치 업데이트92자동 백업92라이센스 설정92기기 등록93최종사용자 라이센스 계약94다음 단계94Series 3 디바이스에서 LCD 패널 사용97LCD 패널 구성 요소 이해98LCD 다기능 키 사용99Idle Display(유휴 
디스플레이) 모드99Network Configuration(네트워크 컨피그레이션) 모드100LCD 패널을 사용하여 네트워크 재구성 허용102시스템 상태 모드102Information(정보) 모드104Error Alert(오류 경고) 모드105하드웨어 사양107랙 및 캐비닛 마운팅 옵션107방어 센터107DC750107DC750 섀시 전면108DC750 섀시 후면110DC750 물리적 및 환경 매개변수111DC1500111DC1500 섀시 전면111DC1500 섀시 후면114DC1500 물리적 및 환경 매개변수115DC3500115DC3500 섀시 전면115DC3500 섀시 후면118DC3500 물리적 및 환경 매개변수1197000 Series 기기1203D7010, 3D7020, 3D703012070xx 제품군 전면120센싱 인터페이스12270xx 제품군 후면12370xx 제품군 물리적 및 환경 매개변수1243D7110 및 3D71201253D7110 및 3D7120 섀시 전면1253D7110 및 3D7120 센싱 인터페이스1273D7110 및 3D7120 섀시 후면1293D7110 및 3D7120 물리적 및 환경 매개변수1303D7115, 3D7125, AMP71501313D7115, 3D7125, AMP7150 섀시 전면1323D7115, 3D7125, AMP7150 센싱 인터페이스134SFP 인터페이스1353D7115, 3D7125, AMP7150 섀시 후면1363D7115, 3D7125, AMP7150 물리적 및 환경 매개변수1388000 Series 기기1398000 Series 섀시 전면1408000 Series 섀시는 81xx 제품군, 82xx 제품군 또는 83xx 제품군에 장착할 수 있습니다.14081xx 제품군 섀시 전면14082xx 제품군 및 83xx 제품군 섀시 전면1408000 Series 전면 패널1418000 Series 섀시 후면14381xx 제품군 섀시 후면14382xx 제품군 섀시 후면14483xx 제품군 섀시 후면1448000 Series 물리적 및 환경 매개변수1468000 Series 모듈149쿼드 포트 1000BASE-T 구리 바이패스 구성 가능 NetMod149쿼드 포트 1000BASE-SX 파이버 바이패스 구성 가능 NetMod150듀얼 포트 10GBASE(MMSR 또는 SMLR) 파이버 바이패스 구성 가능 NetMod151듀얼 포트 40GBASE-SR4 파이버 바이패스 구성 가능 NetMod153쿼드 포트 1000BASE-T 구리 비-바이패스 NetMod154쿼드 포트 1000BASE-SX 파이버 비-바이패스 NetMod155쿼드 포트 10GBASE(MMSR 또는 SMLR) 파이버 비-바이패스 NetMod156스태킹 모듈157FireSIGHT 시스템 어플라이언스를 출고 시 기 본 설정으로 복원159시작하기 전에159컨피그레이션 및 이벤트 백업 지침159복원 프로세스 중 트래픽 흐름160복원 프로세스 이해160ISO 복원 및 업데이트 파일 가져오기161복원 프로세스 시작163KVM 또는 물리적 시리얼 포트를 이용하여 복원 유틸리티 시작163LOM을 사용하여 복원 유틸리티 시작165대화형 메뉴를 사용하여 어플라이언스 복원166어플라이언스의 관리 인터페이스 식별168ISO 이미지 위치 및 전송 모드 지정169복원 중 시스템 소프트웨어 및 침입 규칙 업데이트170ISO 및 업데이트 파일 다운로드 및 이미지 마운트171복원 프로세스 호출171복원 컨피그레이션 저장 및 로드173CD를 사용하여 DC1000 또는 DC3000 복원175다음 단계176LOM 설정176LOM 및 LOM 사용자 활성화177IPMI 유틸리티 설치179FirePOWER 기기의 전력 요구 사항181경고 및 주의 사항181정전기 관리18170xx 제품군 어플라이언스182설치182전압182전류182주파수 범위182전력 코드182접지 요구 사항183본딩 위치183권장되는 터미널183접지 배선 요구 사항18371xx 제품군 어플라이언스183설치184별도의 회로 설치184동일한 회로 설치184전압184전류184주파수 
범위184전력 코드184접지 요구 사항185본딩 위치185권장되는 터미널185접지 배선 요구 사항18581xx 제품군 어플라이언스185AC 설치186별도의 회로 설치186동일한 회로 설치186AC 전압186AC 전류186주파수 범위186전력 코드187DC 설치187별도의 회로 설치187동일한 회로 설치187DC 전압187DC 전류187접지 기준188권장되는 터미널188차단기 요구 사항188최소 배선 규격 요구 사항188접지 요구 사항188본딩 위치188권장되는 터미널189접지 배선 요구 사항189DC 공급 장치18982xx 제품군 어플라이언스189AC 설치190별도의 회로 설치190동일한 회로 설치190AC 전압190AC 전류190주파수 범위190전력 코드191DC 설치191별도의 회로 설치191동일한 회로 설치191DC 전압191DC 전류191접지 기준192권장되는 터미널192차단기 요구 사항192최소 배선 규격 요구 사항192접지 요구 사항192본딩 위치192권장되는 터미널193접지 배선 요구 사항193DC 공급 장치19383xx 제품군 어플라이언스193AC 설치194별도의 회로 설치194동일한 회로 설치194AC 전압194AC 전류194주파수 범위194전력 코드195DC 설치195별도의 회로 설치195동일한 회로 설치195DC 전압195DC 전류195접지 기준196권장되는 터미널196차단기 요구 사항196최소 배선 규격 요구 사항196접지 요구 사항196본딩 위치197권장되는 터미널197접지 배선 요구 사항197DC 공급 장치1973D71x5 및 AMP7150 디바이스에 SFP 트렌시버 사용1993D71x5 및 AMP7150 SFP 소켓 및 트렌시버199SFP 트렌시버 삽입200SFP 트렌시버 제거2018000 Series 모듈 삽입 및 제거2038000 Series 어플라이언스의 모듈 슬롯20381xx 제품군204스태킹 컨피그레이션 고려 사항20482xx 제품군 및 83xx 제품군204스태킹 컨피그레이션 고려 사항204기본 제공 품목205모듈 부품 식별206시작하기 전에206모듈 또는 슬롯 덮개 제거207모듈 또는 슬롯 덮개 삽입208하드 드라이브 삭제211하드 드라이브 콘텐츠 삭제211FireSIGHT 시스템 어플라이언스 사전 구성213시작하기 전에213필수 사전 구성 정보214선택적 사전 구성 정보214시간 관리 사전 구성215시스템 설치215디바이스 등록215어플라이언스 배송 준비216방어 센터에서 디바이스 삭제216방어 센터에서 라이센스 삭제217어플라이언스 종료217배송 시 고려 사항218어플라이언스 사전 구성 문제 해결218용어219Tamaño: 10 MBPáginas: 234Language: 한국어Manuales abiertas

Developer Guide
Table of contents:
Introduction ... 10
Major Changes in eStreamer Version 5.3 ... 11
Using this Guide ... 11
Prerequisites ... 12
Product Versions for Sourcefire 3D System Releases ... 13
Document Conventions ... 14
IP Addresses ... 15
Understanding the eStreamer Application Protocol ... 16
Connection Specifications ... 17
Understanding eStreamer Communication Stages ... 17
Establishing an Authenticated Connection ... 18
Requesting Data from eStreamer ... 19
Establishing a Session ... 19
Using Event Stream Requests and Extended Requests to Initiate Event Streaming ... 19
Submitting Event Stream Requests ... 20
Submitting Extended Requests ... 20
Requesting Host Data ... 21
Changing a Request ... 21
Accepting Data from eStreamer ... 21
Event Stream Requests ... 21
Extended Requests ... 21
Terminating Connections ... 22
Understanding eStreamer Message Types ... 22
eStreamer Message Header ... 24
Null Message Format ... 25
Error Message Format ... 26
Event Stream Request Message Format ... 28
Initial Timestamp ... 29
Request Flags ... 30
Event Data Message Format ... 37
Understanding the Organization of Event Data Messages ... 38
Intrusion Event and Metadata Message Format ... 39
Discovery Event Message Format ... 40
Discovery Event Message Headers ... 41
Connection Event Message Format ... 42
Correlation Event Message Format ... 42
Correlation Record Header ... 43
Event Extra Data Message Format ... 44
Event Extra Data Message Record Header ... 45
Data Block Header ... 46
Host Request Message Format ... 47
Host Data and Multiple Host Data Message Format ... 51
Streaming Information Message Format ... 52
Streaming Request Message Format ... 53
Streaming Service Request Structure ... 54
Streaming Event Type Structure ... 57
Sample Extended Request Messages ... 60
Streaming Information Message ... 60
Streaming Request Message ... 61
Message Bundle Format ... 61
Understanding Metadata ... 63
Metadata Transmission ... 63
Understanding Intrusion and Correlation Data Structures ... 64
Intrusion Event and Metadata Record Types ... 64
Packet Record 4.8.0.2+ ... 67
Priority Record ... 69
Intrusion Event Record 5.3+ ... 70
Intrusion Impact Alert Data ... 77
User Record ... 81
Rule Message Record for 4.6.1+ ... 82
Classification Record for 4.6.1+ ... 83
Correlation Policy Record ... 85
Correlation Rule Record ... 87
Intrusion Event Extra Data Record ... 89
Intrusion Event Extra Data Metadata ... 91
Security Zone Name Record ... 93
Interface Name Record ... 94
Access Control Policy Name Record ... 96
Access Control Rule ID Record Metadata ... 97
Managed Device Record Metadata ... 99
Malware Event Record 5.1.1+ ... 100
Sourcefire Cloud Name Metadata ... 101
Malware Event Type Metadata ... 102
Malware Event Subtype Metadata ... 103
FireAMP Detector Type Metadata ... 104
FireAMP File Type Metadata ... 105
Correlation Event for 5.1+ ... 106
Understanding Series 2 Data Blocks ... 116
Series 2 Primitive Data Blocks ... 121
String Data Block ... 121
BLOB Data Block ... 122
List Data Block ... 123
Generic List Data Block ... 124
UUID String Mapping Data Block ... 125
Access Control Policy Rule ID Metadata Block ... 126
ICMP Type Data Block ... 128
ICMP Code Data Block ... 129
Access Control Policy Rule Reason Data Block ... 131
IP Reputation Category Data Block ... 132
File Event for 5.3+ ... 133
Malware Event Data Block 5.3+ ... 140
File Event SHA Hash for 5.3+ ... 149
Rule Documentation Data Block for 5.2+ ... 151
Geolocation Data Block for 5.2+ ... 156
IOC State Data Block for 5.3+ ... 158
IOC Name Data Block for 5.3+ ... 160
Understanding Discovery & Connection Data Structures ... 164
Discovery and Connection Event Data Messages ... 165
Discovery and Connection Event Record Types ... 166
Metadata for Discovery Events ... 172
Fingerprint Record ... 173
Client Application Record ... 174
Vulnerability Record ... 175
Criticality Record ... 178
Network Protocol Record ... 179
Attribute Record ... 180
Scan Type Record ... 181
Server Record ... 182
Source Type Record ... 183
Source Application Record ... 184
Source Detector Record ... 185
Third Party Scanner Vulnerability Record ... 186
User Record ... 188
Web Application Record ... 189
Intrusion Policy Name Record ... 190
Access Control Rule Action Record Metadata ... 191
URL Category Record Metadata ... 192
URL Reputation Record Metadata ... 193
Access Control Rule Reason Metadata ... 194
Security Intelligence Category Metadata ... 196
Security Intelligence Source/Destination Record ... 197
Discovery Event Header 5.2+ ... 198
Discovery and Connection Event Types and Subtypes ... 201
Host Discovery Structures by Event Type ... 205
New Host and Host Last Seen Messages ... 206
Server Messages ... 206
New Network Protocol Message ... 207
New Transport Protocol Message ... 208
Client Application Messages ... 208
IP Address Change Message ... 209
Operating System Update Messages ... 210
IP Address Reused and Host Timeout/Deleted Messages ... 210
Vulnerability Change Message ... 211
Hops Change Message ... 211
TCP and UDP Port Closed/Timeout Messages ... 212
MAC Address Messages ... 212
Host Identified as a Bridge/Router Message ... 213
VLAN Tag Information Update Messages ... 213
Change NetBIOS Name Message ... 213
Update Banner Message ... 214
Policy Control Message ... 214
Connection Statistics Data Message ... 215
Connection Chunk Message ... 216
User Set Vulnerabilities Messages for Version 4.6.1+ ... 216
User Add and Delete Host Messages ... 217
User Delete Server Message ... 217
User Set Host Criticality Messages ... 218
Attribute Messages ... 218
Attribute Value Messages ... 219
User Server and Operating System Messages ... 219
User Protocol Messages ... 220
User Client Application Messages ... 220
Add Scan Result Messages ... 221
New Operating System Messages ... 221
Identity Conflict and Identity Timeout System Messages ... 222
User Data Structures by Event Type ... 222
User Modification Messages ... 223
User Information Update Message Block ... 223
Understanding Discovery (Series 1) Blocks ... 224
Series 1 Data Block Header ... 224
Series 1 Primitive Data Blocks ... 225
Host Discovery and Connection Data Blocks ... 225
String Data Block ... 237
BLOB Data Block ... 238
List Data Block ... 239
Generic List Block ... 240
Sub-Server Data Block ... 241
Protocol Data Block ... 243
Integer (INT32) Data Block ... 244
Vulnerability Reference Data Block ... 245
VLAN Data Block ... 247
Server Banner Data Block ... 248
String Information Data Block ... 249
Attribute Address Data Block 5.2+ ... 251
Attribute List Item Data Block ... 252
Attribute Value Data Block ... 253
Full Sub-Server Data Block ... 255
Operating System Data Block 3.5+ ... 259
Policy Engine Control Message Data Block ... 260
Attribute Definition Data Block for 4.7+ ... 261
User Protocol Data Block ... 265
User Client Application Data Block for 5.1.1+ ... 266
User Client Application List Data Block ... 268
IP Address Range Data Block for 5.2+ ... 270
Attribute Specification Data Block ... 271
Host IP Address Data Block ... 273
MAC Address Specification Data Block ... 274
Address Specification Data Block ... 275
Connection Chunk Data Block for 5.1.1+ ... 277
Fix List Data Block ... 279
User Server Data Block ... 280
User Server List Data Block ... 281
User Hosts Data Block 4.7+ ... 283
User Vulnerability Change Data Block 4.7+ ... 285
User Criticality Change Data Block 4.7+ ... 287
User Attribute Value Data Block 4.7+ ... 289
User Protocol List Data Block 4.7+ ... 291
Host Vulnerability Data Block 4.9.0+ ... 293
Identity Data Block ... 294
Host MAC Address 4.9+ ... 297
Secondary Host Update ... 298
Web Application Data Block for 5.0+ ... 299
Connection Statistics Data Block 5.3+ ... 300
Scan Result Data Block 5.2+ ... 308
Host Server Data Block 4.10.0+ ... 312
Full Host Server Data Block 4.10.0+ ... 314
Server Information Data Block for 4.10.x, 5.0 - 5.0.2 ... 319
Full Server Information Data Block ... 322
Generic Scan Results Data Block for 4.10.0+ ... 325
Scan Vulnerability Data Block for 4.10.0+ ... 328
Full Host Client Application Data Block 5.0+ ... 331
Host Client Application Data Block for 5.0+ ... 334
User Vulnerability Data Block 5.0+ ... 336
Operating System Fingerprint Data Block 5.1+ ... 339
Mobile Device Information Data Block for 5.1+ ... 342
Host Profile Data Block for 5.2+ ... 343
User Product Data Block 5.1+ ... 353
User Data Blocks ... 362
User Account Update Message Data Block ... 364
User Information Data Block ... 375
User Login Information Data Block 5.1+ ... 378
Discovery and Connection Event Series 2 Data Blocks ... 381
Access Control Rule Data Block ... 382
Access Control Rule Reason Data Block 5.1+ ... 383
Security Intelligence Category Data Block 5.1+ ... 385
Understanding Host Data Structures ... 387
Full Host Profile Data Block 5.3+ ... 388
Configuring eStreamer ... 404
Configuring eStreamer on the eStreamer Server ... 405
Configuring eStreamer Event Types ... 405
Adding Authentication for eStreamer Clients ... 407
Using An Alternate Management Interface with eStreamer ... 409
Managing the eStreamer Service ... 412
Starting and Stopping the eStreamer Service ... 412
eStreamer Service Options ... 413
Running the eStreamer Service in Debug Mode ... 414
Configuring the eStreamer Reference Client ... 414
Setting Up the eStreamer Perl Reference Client ... 414
Understanding the eStreamer Perl Reference Client ... 415
Configuring Communications for the eStreamer Reference Client ... 416
Loading General Prerequisites for the Perl Reference Client ... 416
Loading Prerequisites for the Perl SNMP Reference Client ... 416
Downloading and Unpacking the Perl Reference Client ... 416
Understanding the Data Requested by a Test Script ... 417
Modifying the Type of Data Requested by a Test Script ... 418
Creating a Certificate for the Perl Reference Client ... 420
Running the eStreamer Perl Reference Client ... 422
Testing a Client Connection over SSL Using a Host Request ... 422
Capturing a PCAP Using the Reference Client ... 422
Capturing CSV Records Using the Reference Client ... 423
Sending Records to an SNMP Server Using the Reference Client ... 423
Logging Events to the Syslog Using the Reference Client ... 423
Connecting to an IPv6 Address ... 423
Data Structure Examples ... 425
Intrusion Event Data Structure Examples ... 425
Example of an Intrusion Event for the Defense Center 5.3+ ... 426
Example of an Intrusion Impact Alert ... 430
Example of a Packet Record ... 432
Example of a Classification Record for 4.6.1+ ... 433
Example of a Priority Record ... 434
Example of a Rule Message Record for 4.6.1+ ... 435
Example of a Version 4.0 Correlation Policy Violation Event ... 437
Example of a Version 4.5 - 4.6.1 Correlation Event ... 441
Example of a Version 4.10 Correlation Event ... 445
Example of a Version 5.1+ User Event ... 449
Discovery Data Structure Examples ... 453
Example of a New Network Protocol Message ... 453
Example of a New TCP Server Message ... 454
Understanding Legacy Data Structures ... 457
Legacy Intrusion Data Structures ... 458
Intrusion Event (IPv4) Record for 4.9 - 4.10.x ... 458
Intrusion Event (IPv6) Record for 4.10.2.3 ... 462
Intrusion Event (IPv4) Record 5.0.x - 5.1 ... 466
Intrusion Event (IPv6) Record 5.0.x - 5.1 ... 472
Intrusion Event Record 5.2.x ... 478
Intrusion Event Record 5.1.1.x ... 485
Legacy Malware Event Data Structures ... 492
Malware Event Data Block 5.1 ... 492
Malware Event Data Block 5.1.1.x ... 497
Malware Event Data Block 5.2.x ... 505
Legacy Discovery Data Structures ... 513
Legacy Discovery Event Header ... 514
Discovery Event Header 4.8.0.2 - 5.1.1.x ... 514
Legacy Server Data Blocks ... 516
Host Server Data Block for Version 4.9.0.x ... 516
Web Application Data Block for 4.9.1 - 4.10.x ... 519
Host Server Data Block for 4.9.1.x ... 520
Full Server Data Block for 4.9.0.x ... 523
Full Server Data Block for 4.9.1.x ... 529
Server Information Data Block for 4.9.1 and Earlier ... 534
Attribute Address Data Block for 4.5.x - 5.1.1.x ... 536
Legacy Client Application Data Blocks ... 537
Host Client Application Data Block for 3.5 - 4.9.0.x ... 538
Host Client Application Data Block for 4.9.1 - 4.10.x ... 539
User Client Application Data Block for 5.1 and earlier ... 541
Legacy Scan Result Data Blocks ... 543
Generic Scan Results Data Block for 4.9.1.x and earlier ... 543
Scan Result Data Block for 4.6.1 - 4.9.1.x ... 545
Scan Result Data Block 4.10.0 - 5.1.1.x ... 548
Scan Vulnerability Data Block for 4.9 - 4.9.1.x ... 551
User Product Data Block for 4.10.x, 5.0 - 5.0.x ... 554
Legacy Vulnerability Blocks ... 563
User Vulnerability Data Block 4.7 - 4.10.x ... 563
Legacy User Login Data Blocks ... 565
User Login Information Data Block for 5.0 - 5.0.2 ... 565
Legacy Host Profile Data Blocks ... 567
Host Profile Data Block for 4.9.x - 5.0.2 ... 567
Legacy OS Fingerprint Data Blocks ... 575
Operating System Fingerprint Data Block for 4.9.x - 5.0.2 ... 575
Legacy Connection Data Structures ... 577
Connection Statistics Data Block for 4.7 - 4.9.0.x ... 577
Connection Statistics Data Block 4.9.1 - 4.10.1 ... 581
Connection Statistics Data Block 4.10.2.x ... 585
Connection Statistics Data Block 5.0 - 5.0.2 ... 590
Connection Statistics Data Block 5.1 ... 595
Connection Statistics Data Block 5.2.x ... 602
Connection Chunk Data Block for 4.10.1 - 5.1 ... 610
Connection Statistics Data Block 5.1.1.x ... 612
Legacy File Event Data Structures ... 619
File Event for 5.1.1.x ... 619
File Event for 5.2.x ... 623
File Event SHA Hash for 5.1.1 - 5.2.x ... 628
Legacy Correlation Event Data Structures ... 630
Correlation Event for 4.8.0.2 - 4.9.1.x ... 630
Event Data Mask Field Values ... 637
Correlation Event for 4.10.x ... 638
Event Data Mask Field Values ... 645
Correlation Event for 5.0 - 5.0.2 ... 646
Legacy Host Data Structures ... 656
Full Host Profile Data Block 4.8 ... 656
Full Host Profile Data Block 4.9 - 4.10.x ... 662
Full Host Profile Data Block 5.0 - 5.0.2 ... 673
Full Host Profile Data Block 5.1.1 ... 685
Full Host Profile Data Block 5.2.x ... 696
Host Profile Data Block for 5.1.x ... 711
IP Range Specification Data Block for 4.7.x - 5.1.1.x ... 718
Legacy Metadata Structures ... 719
Detection Engine Record for 4.6.1 - 4.10.x ... 719
Index ... 722
Size: 3 MB, Pages: 726, Language: English

Developer Guide
Table of contents:
Introduction ... 11
Major Changes in eStreamer Version 5.3.1 ... 11
Using this Guide ... 12
Prerequisites ... 13
Product Versions for FireSIGHT System Releases ... 13
Document Conventions ... 14
IP Addresses ... 15
Understanding the eStreamer Application Protocol ... 17
Connection Specifications ... 17
Understanding eStreamer Communication Stages ... 18
Establishing an Authenticated Connection ... 18
Requesting Data from eStreamer ... 19
Establishing a Session ... 19
Using Event Stream Requests and Extended Requests to Initiate Event Streaming ... 19
Submitting Event Stream Requests ... 20
Submitting Extended Requests ... 20
Requesting Host Data ... 20
Changing a Request ... 20
Accepting Data from eStreamer ... 21
Event Stream Requests ... 21
Extended Requests ... 21
Terminating Connections ... 21
Understanding eStreamer Message Types ... 22
eStreamer Message Header ... 23
Null Message Format ... 23
Error Message Format ... 24
Event Stream Request Message Format ... 26
Initial Timestamp ... 27
Request Flags ... 27
Event Data Message Format ... 33
Understanding the Organization of Event Data Messages ... 33
Intrusion Event and Metadata Message Format ... 34
Discovery Event Message Format ... 35
Discovery Event Message Headers ... 35
Connection Event Message Format ... 36
Correlation Event Message Format ... 36
Correlation Record Header ... 37
Event Extra Data Message Format ... 38
Event Extra Data Message Record Header ... 39
Data Block Header ... 40
Host Request Message Format ... 40
Host Data and Multiple Host Data Message Format ... 43
Streaming Information Message Format ... 45
Streaming Request Message Format ... 46
Streaming Service Request Structure ... 46
Streaming Event Type Structure ... 48
Sample Extended Request Messages ... 50
Streaming Information Message ... 50
Streaming Request Message ... 51
Message Bundle Format ... 51
Understanding Metadata ... 52
Metadata Transmission ... 53
Understanding Intrusion and Correlation Data Structures ... 55
Intrusion Event and Metadata Record Types ... 55
Packet Record 4.8.0.2+ ... 58
Priority Record ... 59
Intrusion Event Record 5.3.1+ ... 60
Intrusion Impact Alert Data 5.3+ ... 66
User Record ... 69
Rule Message Record for 4.6.1+ ... 70
Classification Record for 4.6.1+ ... 71
Correlation Policy Record ... 72
Correlation Rule Record ... 74
Intrusion Event Extra Data Record ... 75
Intrusion Event Extra Data Metadata ... 77
Security Zone Name Record ... 79
Interface Name Record ... 80
Access Control Policy Name Record ... 81
Access Control Rule ID Record Metadata ... 82
Managed Device Record Metadata ... 84
Malware Event Record 5.1.1+ ... 84
Collective Security Intelligence Cloud Name Metadata ... 85
Malware Event Type Metadata ... 87
Malware Event Subtype Metadata ... 88
FireAMP Detector Type Metadata ... 88
FireAMP File Type Metadata ... 89
Correlation Event for 5.1+ ... 90
Understanding Series 2 Data Blocks ... 98
Series 2 Primitive Data Blocks ... 101
String Data Block ... 102
BLOB Data Block ... 102
List Data Block ... 103
Generic List Data Block ... 104
UUID String Mapping Data Block ... 105
Access Control Policy Rule ID Metadata Block ... 106
ICMP Type Data Block ... 107
ICMP Code Data Block ... 108
Access Control Policy Rule Reason Data Block ... 109
IP Reputation Category Data Block ... 110
File Event for 5.3.1+ ... 111
Malware Event Data Block 5.3.1+ ... 118
File Event SHA Hash for 5.3+ ... 125
Rule Documentation Data Block for 5.2+ ... 126
Geolocation Data Block for 5.2+ ... 130
Understanding Discovery & Connection Data Structures ... 133
Discovery and Connection Event Data Messages ... 134
Discovery and Connection Event Record Types ... 134
Metadata for Discovery Events ... 138
Fingerprint Record ... 139
Client Application Record ... 140
Vulnerability Record ... 141
Criticality Record ... 143
Network Protocol Record ... 144
Attribute Record ... 144
Scan Type Record ... 145
Server Record ... 146
Source Type Record ... 147
Source Application Record ... 148
Source Detector Record ... 148
Third Party Scanner Vulnerability Record ... 149
User Record ... 150
Web Application Record ... 151
Intrusion Policy Name Record ... 152
Access Control Rule Action Record Metadata ... 153
URL Category Record Metadata ... 154
URL Reputation Record Metadata ... 155
Access Control Rule Reason Metadata ... 156
IOC State Data Block for 5.3+ ... 157
IOC Name Data Block for 5.3+ ... 159
Security Intelligence Category Metadata ... 161
Security Intelligence Source/Destination Record ... 163
Discovery Event Header 5.2+ ... 164
Discovery and Connection Event Types and Subtypes ... 166
Host Discovery Structures by Event Type ... 168
New Host and Host Last Seen Messages ... 169
Server Messages ... 170
New Network Protocol Message ... 171
New Transport Protocol Message ... 171
Client Application Messages ... 172
IP Address Change Message ... 172
Operating System Update Messages ... 173
IP Address Reused and Host Timeout/Deleted Messages ... 174
Vulnerability Change Message ... 174
Hops Change Message ... 175
TCP and UDP Port Closed/Timeout Messages ... 175
MAC Address Messages ... 175
Host Identified as a Bridge/Router Message ... 176
VLAN Tag Information Update Messages ... 176
Change NetBIOS Name Message ... 177
Update Banner Message ... 177
Policy Control Message ... 178
Connection Statistics Data Message ... 178
Connection Chunk Message ... 179
User Set Vulnerabilities Messages for Version 4.6.1+ ... 179
User Add and Delete Host Messages ... 180
User Delete Server Message ... 181
User Set Host Criticality Messages ... 181
Attribute Messages ... 182
Attribute Value Messages ... 182
User Server and Operating System Messages ... 183
User Protocol Messages ... 183
User Client Application Messages ... 184
Add Scan Result Messages ... 184
New Operating System Messages ... 185
Identity Conflict and Identity Timeout System Messages ... 185
User Data Structures by Event Type ... 186
User Modification Messages ... 186
User Information Update Message Block ... 186
Understanding Discovery (Series 1) Blocks ... 187
Series 1 Data Block Header ... 187
Series 1 Primitive Data Blocks ... 188
Host Discovery and Connection Data Blocks ... 188
String Data Block ... 195
BLOB Data Block ... 196
List Data Block ... 197
Generic List Block ... 198
Sub-Server Data Block ... 198
Protocol Data Block ... 200
Integer (INT32) Data Block ... 201
Vulnerability Reference Data Block ... 201
VLAN Data Block ... 203
Server Banner Data Block ... 204
String Information Data Block ... 205
Attribute Address Data Block 5.2+ ... 205
Attribute List Item Data Block ... 207
Attribute Value Data Block ... 208
Full Sub-Server Data Block ... 209
Operating System Data Block 3.5+ ... 211
Policy Engine Control Message Data Block ... 212
Attribute Definition Data Block for 4.7+ ... 213
User Protocol Data Block ... 216
User Client Application Data Block for 5.1.1+ ... 217
User Client Application List Data Block ... 219
IP Address Range Data Block for 5.2+ ... 220
Attribute Specification Data Block ... 221
Host IP Address Data Block ... 223
MAC Address Specification Data Block ... 224
Address Specification Data Block ... 225
Connection Chunk Data Block for 5.1.1+ ... 226
Fix List Data Block ... 228
User Server Data Block ... 228
User Server List Data Block ... 230
User Hosts Data Block 4.7+ ... 231
User Vulnerability Change Data Block 4.7+ ... 232
User Criticality Change Data Block 4.7+ ... 234
User Attribute Value Data Block 4.7+ ... 235
User Protocol List Data Block 4.7+ ... 237
Host Vulnerability Data Block 4.9.0+ ... 238
Identity Data Block ... 239
Host MAC Address 4.9+ ... 241
Secondary Host Update ... 242
Web Application Data Block for 5.0+ ... 243
Connection Statistics Data Block 5.3.1+ ... 244
Scan Result Data Block 5.2+ ... 251
Host Server Data Block 4.10.0+ ... 253
Full Host Server Data Block 4.10.0+ ... 255
Server Information Data Block for 4.10.x, 5.0 - 5.0.2 ... 259
Full Server Information Data Block ... 261
Generic Scan Results Data Block for 4.10.0+ ... 264
Scan Vulnerability Data Block for 4.10.0+ ... 266
Full Host Client Application Data Block 5.0+ ... 269
Host Client Application Data Block for 5.0+ ... 270
User Vulnerability Data Block 5.0+ ... 272
Operating System Fingerprint Data Block 5.1+ ... 274
Mobile Device Information Data Block for 5.1+ ... 276
Host Profile Data Block for 5.2+ ... 277
User Product Data Block 5.1+ ... 285
User Data Blocks ... 292
User Account Update Message Data Block ... 293
User Information Data Block ... 301
User Login Information Data Block 5.1+ ... 304
Discovery and Connection Event Series 2 Data Blocks ... 306
Access Control Rule Data Block ... 306
Access Control Rule Reason Data Block 5.1+ ... 308
Security Intelligence Category Data Block 5.1+ ... 309
Understanding Host Data Structures ... 311
Full Host Profile Data Block 5.3+ ... 311
Configuring eStreamer ... 325
Configuring eStreamer on the eStreamer Server ... 325
Configuring eStreamer Event Types ... 326
Adding Authentication for eStreamer Clients ... 327
Using an Alternate Management Interface with eStreamer ... 328
Managing the eStreamer Service ... 330
Starting and Stopping the eStreamer Service ... 331
eStreamer Service Options ... 331
Running the eStreamer Service in Debug Mode ... 332
Configuring the eStreamer Reference Client ... 332
Setting Up the eStreamer Perl Reference Client ... 332
Understanding the eStreamer Perl Reference Client ... 333
Configuring Communications for the eStreamer Reference Client ... 333
Loading General Prerequisites for the Perl Reference Client ... 334
Loading Prerequisites for the Perl SNMP Reference Client ... 334
Downloading and Unpacking the Perl Reference Client ... 334
Understanding the Data Requested by a Test Script ... 334
Modifying the Type of Data Requested by a Test Script ... 335
Creating a Certificate for the Perl Reference Client ... 337
Running the eStreamer Perl Reference Client ... 337
Testing a Client Connection over SSL Using a Host Request ... 338
Capturing a PCAP Using the Reference Client ... 338
Capturing CSV Records Using the Reference Client ... 338
Sending Records to an SNMP Server Using the Reference Client ... 339
Logging Events to the Syslog Using the Reference Client ... 339
Connecting to an IPv6 Address ... 339
Data Structure Examples ... 341
Intrusion Event Data Structure Examples ... 341
Example of an Intrusion Event for the Defense Center 5.3+ ... 341
Example of an Intrusion Impact Alert ... 346
Example of a Packet Record ... 347
Example of a Classification Record ... 348
Example of a Priority Record ... 350
Example of a Rule Message Record ... 351
Example of a Version 5.1+ User Event ... 353
Discovery Data Structure Examples ... 356
Example of a New Network Protocol Message ... 356
Example of a New TCP Server Message ... 358
Understanding Legacy Data Structures ... 363
Legacy Intrusion Data Structures ... 363
Intrusion Event (IPv4) Record 5.0.x - 5.1 ... 364
Intrusion Event (IPv6) Record 5.0.x - 5.1 ... 368
Intrusion Event Record 5.2.x ... 373
Intrusion Event Record 5.3 ... 379
Intrusion Event Record 5.1.1.x ... 386
Intrusion Impact Alert Data ... 391
Legacy Malware Event Data Structures ... 394
Malware Event Data Block 5.1 ... 394
Malware Event Data Block 5.1.1.x ... 398
Malware Event Data Block 5.2.x ... 404
Malware Event Data Block 5.3 ... 410
Legacy Discovery Data Structures ... 417
Legacy Discovery Event Header ... 417
Discovery Event Header 5.0 - 5.1.1.x ... 417
Legacy Server Data Blocks ... 419
Attribute Address Data Block for 5.0 - 5.1.1.x ... 419
Legacy Client Application Data Blocks ... 420
User Client Application Data Block for 5.0 - 5.1 ... 420
Legacy Scan Result Data Blocks ... 422
Scan Result Data Block 5.0 - 5.1.1.x ... 422
User Product Data Block for 5.0.x ... 424
Legacy User Login Data Blocks ... 430
User Login Information Data Block for 5.0 - 5.0.2 ... 430
Legacy Host Profile Data Blocks ... 432
Host Profile Data Block for 5.0 - 5.0.2 ... 432
Legacy OS Fingerprint Data Blocks ... 439
Operating System Fingerprint Data Block for 5.0 - 5.0.2 ... 439
Legacy Connection Data Structures ... 440
Connection Statistics Data Block 5.0 - 5.0.2 ... 440
Connection Statistics Data Block 5.1 ... 445
Connection Statistics Data Block 5.2.x ... 451
Connection Chunk Data Block for 5.0 - 5.1 ... 457
Connection Statistics Data Block 5.1.1.x ... 458
Connection Statistics Data Block 5.3 ... 464
Legacy File Event Data Structures ... 471
File Event for 5.1.1.x ... 471
File Event for 5.2.x ... 475
File Event for 5.3 ... 479
File Event SHA Hash for 5.1.1 - 5.2.x ... 485
Legacy Correlation Event Data Structures ... 486
Correlation Event for 5.0 - 5.0.2 ... 486
Legacy Host Data Structures ... 494
Full Host Profile Data Block 5.0 - 5.0.2 ... 494
Full Host Profile Data Block 5.1.1 ... 503
Full Host Profile Data Block 5.2.x ... 512
Host Profile Data Block for 5.1.x ... 524
IP Range Specification Data Block for 5.0 - 5.1.1.x ... 530
Index ... 531
Size: 3 MB, Pages: 536, Language: English

Developer Guide
Table of contents:
Understanding the Remediation Subsystem ... 5
Prerequisites ... 6
FireSIGHT System ... 6
Programming Requirements and Support ... 6
Cisco-Provided Remediation Modules ... 7
The Remediation Subsystem ... 7
Understanding Remediation Subsystem Architecture ... 7
Remediation Subsystem Components ... 8
Remediation Module Architecture ... 9
Using the Remediation Subsystem ... 9
Remediation Resources ... 10
Planning and Packaging Your Remediation Module ... 11
Data Available from the Remediation Subsystem ... 11
Event Data ... 12
Instance Configuration Data ... 19
The config Element ... 19
The remediation Element ... 21
Data Returned by Modules ... 22
Packaging and Installing Your Module ... 22
Packaging Your Module ... 23
Installing Your Module ... 23
Communicating with the Remediation Subsystem ... 25
Defining the Global Configuration ... 27
Defining the Configuration Template ... 28
The boolean Element ... 30
The integer Element ... 31
The string Element ... 32
The password Element ... 33
The ipaddress Element ... 35
The netmask Element ... 36
The host Element ... 37
The network Element ... 39
The enumeration Element ... 40
The list Element ... 41
Sample Configuration Template ... 43
Defining Remediation Types ... 44
Defining Exit Statuses ... 46
Working with the Remediation SDK ... 49
Understanding the Remediation SDK ... 49
Purpose of the SDK ... 49
Description of the SDK ... 49
Downloading the SDK ... 50
Overview of the Development and Installation Process ... 51
Notes for Remediation Program Developers ... 51
Implementing Remediation Types in a Remediation Program ... 52
Understanding the Remediation Subsystem File Structure ... 53
Understanding the Remediation Program Workflow ... 53
The Order of Command Line Parameters ... 54
Handling Undefined Data Elements ... 54
Handling Return Codes ... 54
Important Global Configuration Elements ... 55
Index ... 57
Size: 1 MB, Pages: 60, Language: English

Developer Guide
Table of contents:
Understanding Host Input ... 7
Prerequisites ... 8
Product Version Compatibility ... 8
Document Conventions ... 9
Host Input Scripting Resources ... 9
Using the Host Input API ... 11
Writing Host Input API Scripts ... 11
Calling the Host Input Module ... 11
Setting the Source Type ... 12
Obtaining a Source ID ... 12
Required Fields ... 12
Running a Host Input API Script ... 13
Application Privileges ... 13
Setting a Third-Party Vulnerability Map ... 13
Setting a Third-Party Product Map ... 13
Host Input API Functions ... 15
Host Functions ... 15
AddHost ... 15
DeleteHost ... 16
SetOS ... 17
Keys for the $os Variable ... 18
UnsetOS ... 20
Server Functions ... 21
AddService ... 21
SetService ... 22
UnsetService ... 23
DeleteService ... 24
Service Keys ... 25
Client Application Functions ... 27
AddClientApp ... 27
DeleteClientApp ... 29
DeleteClientAppPayload ... 29
Protocol Functions ... 31
DeleteProtocol ... 31
AddProtocol ... 32
Package Fix Functions ... 33
AddFix ... 33
RemoveFix ... 34
Host Attribute Functions ... 36
AddHostAttribute ... 36
DeleteHostAttribute ... 37
SetAttributeValue ... 37
DeleteAttributeValue ... 38
SetCriticality ... 39
Vulnerabilities Functions ... 40
SetInvalidVulns ... 41
SetValidVulns ... 42
Vulnerability Keys ... 43
Third-Party Mapping Functions ... 44
SetCurrent3rdPartyMap ... 44
UnsetCurrent3rdPartyMap ... 45
AddScanResult Function ... 45
DeleteScanResult ... 47
Example Host Input API Scripts ... 50
Example: Invoking the Host Input Module ... 50
Example: Setting the Source Type ... 50
Example: Setting the Source ID ... 50
Example: Adding a Host to the Network Map ... 51
Example: Setting the Operating System on the Host ... 51
Example: Adding a Protocol to the Host ... 53
Example: Adding a Server to the Host ... 53
Example: Setting the Host Criticality ... 53
Example: Adding a Client Application to Multiple Hosts ... 53
Example: Adding a Scan Result to a Host ... 54
Example: Adding a Generic Scan Result to a Host ... 54
Example: Deleting a Scan Result from a Host ... 55
Full Example Script ... 55
Using the Host Input Import Tool ... 59
Preparing to Run Host Input Imports ... 59
Creating a Third-Party Vulnerability Map ... 59
Creating a Third-Party Product Map ... 60
Writing Host Input Import Files ... 61
Understanding Import File Format ... 61
Setting the Source Type ... 62
Setting the Source ID ... 62
Setting a Third-Party Product Map ... 63
Required Fields ... 63
Host Input Import Syntax ... 64
Host Functions ... 64
AddHost ... 64
DeleteHost ... 65
SetOS ... 65
UnsetOS ... 66
Server Functions ... 67
AddService ... 67
SetService ... 68
UnsetService ... 70
DeleteService ... 70
Client Application Functions ... 71
AddClientApp ... 71
DeleteClientApp ... 71
DeleteClientAppPayload ... 72
Protocol Functions ... 73
DeleteProtocol ... 73
AddProtocol ... 73
Package Fix Functions ... 74
AddFix ... 74
RemoveFix ... 75
Host Attribute Functions ... 76
AddHostAttribute ... 76
DeleteHostAttribute ... 76
SetAttributeValue ... 76
DeleteAttributeValue ... 77
Vulnerabilities Functions ... 77
SetInvalidVulns ... 77
SetValidVulns ... 78
Scan Result Functions ... 79
AddScanResult Function ... 79
ScanFlush Function ... 81
ScanUpdate Function ... 81
DeleteScanResult Function ... 81
Example Host Input Import File ... 82
Example: Setting the Source ID and Product Map ... 83
Example: Adding a Host ... 84
Example: Adding a Protocol to the Host ... 84
Example: Adding a Server to the Host ... 84
Example: Setting the Operating System ... 84
Example: Adding a Third-Party Vulnerability ... 85
Example: Setting the Host Criticality ... 86
Example: Add Scan Results ... 86
Example: Running Commands on the Defense Center ... 86
Example: Adding a Client Application to the Host ... 86
Example: Adding a MAC-Only Host ... 87
Entire Example File ... 87
Testing Your Import on the Defense Center ... 88
Running a Host Input Import ... 89
Configuring Host Input Clients ... 91
Registering the Host Input Client with the Defense Center ... 91
Connecting the Client to the Defense Center ... 92
Using the Host Input Reference Client ... 92
Setting Up the Host Input Reference Client ... 93
Understanding the Host Input Reference Client ... 93
Configuring Communications for the Host Input Reference Client ... 93
Loading General Prerequisites for the Host Input Reference Client ... 94
Downloading and Unpacking the Host Input Reference Client ... 94
Creating a Certificate for the Host Input Reference Client ... 94
Running the Host Input Reference Client ... 95
Network Protocol Values ... 97
Index ... 99
Size: 2 MB, Pages: 102, Language: English

Developer Guide
Table of contents:
Introduction ... 11
Major Changes for Database Access in Version 5.3.1 ... 11
Removed Content for Version 5.3.1 ... 11
Modified Tables for Version 5.3.1 ... 11
Prerequisites ... 12
Licensing ... 12
FireSIGHT System Features and Terminology ... 12
Communication Ports ... 12
Client System ... 13
Query Application ... 13
Database Queries ... 13
Where Do I Begin? ... 13
Setting Up Database Access ... 15
Deciding Which Appliance to Access ... 15
Creating a Database User Account ... 16
Enabling Database Access on the Defense Center ... 17
Downloading the JDBC Driver ... 18
Installing the Client SSL Certificate ... 19
Connecting to the Database Using a Third-Party Application ... 20
Connecting to the Database Using a Custom Program ... 22
Sample Code for Custom Java Programs ... 22
Running the Application ... 23
Querying the Database ... 24
Supported SHOW Statement Syntax ... 25
Supported DESCRIBE or DESC Statement Syntax ... 25
Supported SELECT Statement Syntax ... 26
Join Constraints ... 27
Querying Data Stored in Unfamiliar Formats ... 27
IPv6 Addresses ... 28
IPv4 Addresses ... 28
MAC Addresses ... 28
Packet Data ... 28
UNIX Timestamps ... 28
Limiting Queries for Performance Reasons ... 29
Query Tips ... 29
Sample Queries ... 30
Audit Records for a User ... 30
Intrusion Events by Priority and Classification ... 30
Intrusion Events and Their Associated Policies ... 31
Lists of Detected Hosts ... 31
List of Detected Servers ... 31
Server Vulnerabilities on Your Network ... 31
Operating System Summary ... 32
Operating System Vulnerabilities for a Host ... 32
Host Violation Count ... 32
Schema: System-Level Tables ... 33
audit_log ... 33
audit_log Fields ... 33
audit_log Joins ... 34
audit_log Sample Query ... 34
fireamp_event ... 34
fireamp_event Fields ... 34
fireamp_event Joins ... 40
fireamp_event Sample Query ... 40
health_event ... 40
health_event Fields ... 40
health_event Joins ... 41
health_event Sample Query ... 41
sru_import_log ... 42
sru_import_log Fields ... 42
sru_import_log Joins ... 43
sru_import_log Sample Query ... 43
Schema: Intrusion Tables ... 45
intrusion_event ... 45
intrusion_event Fields ... 46
intrusion_event Joins ... 50
intrusion_event Sample Query ... 51
intrusion_event_packet ... 51
intrusion_event_packet Fields ... 51
intrusion_event_packet Joins ... 52
intrusion_event_packet Sample Query ... 52
rule_message ... 52
rule_message Fields ... 52
rule_message Joins ... 52
rule_message Sample Query ... 53
rule_documentation ... 53
rule_documentation Fields ... 53
rule_documentation Joins ... 54
rule_documentation Sample Query ... 54
Schema: Statistics Tracking Tables ... 55
Understanding Statistics Tracking Tables ... 56
Storage Characteristics for Statistics Tracking Tables ... 56
Specifying Time Intervals When Querying Statistics Tables ... 56
app_ids_stats_current_timeframe ... 58
app_ids_stats_current_timeframe Fields ... 58
app_ids_stats_current_timeframe Joins ... 59
app_ids_stats_current_timeframe Sample Query ... 59
app_stats_current_timeframe ... 60
app_stats_current_timeframe Fields ... 60
app_stats_current_timeframe Joins ... 61
app_stats_current_timeframe Sample Query ... 61
geolocation_stats_current_timeframe ... 61
geolocation_stats_current_timeframe Fields ... 62
geolocation_stats_current_timeframe Joins ... 63
geolocation_stats_current_timeframe Sample Query ... 63
ids_impact_stats_current_timeframe ... 63
ids_impact_stats_current_timeframe Fields ... 63
ids_impact_stats_current_timeframe Joins ... 64
ids_impact_stats_current_timeframe Sample Query ... 64
session_stats_current_timeframe ... 64
session_stats_current_timeframe Fields ... 65
session_stats_current_timeframe Joins ... 65
session_stats_current_timeframe Sample Query ... 65
storage_stats_by_disposition_current_timeframe ... 66
storage_stats_by_disposition_current_timeframe Fields ... 66
storage_stats_by_disposition_current_timeframe Joins ... 67
storage_stats_by_disposition_current_timeframe Sample Query ... 67
storage_stats_by_file_type_current_timeframe ... 67
storage_stats_by_file_type_current_timeframe Fields ... 67
storage_stats_by_file_type_current_timeframe Joins ... 68
storage_stats_by_file_type_current_timeframe Sample Query ... 68
transmission_stats_by_file_type_current_timeframe ... 68
transmission_stats_by_file_type_current_timeframe Fields ... 68
transmission_stats_by_file_type_current_timeframe Joins ... 69
transmission_stats_by_file_type_current_timeframe Sample Query ... 69
url_category_stats_current_timeframe ... 69
url_category_stats_current_timeframe Fields ... 70
url_category_stats_current_timeframe Joins ... 70
url_category_stats_current_timeframe Sample Query ... 70
url_reputation_stats_current_timeframe ... 71
url_reputation_stats_current_timeframe Fields ... 71
url_reputation_stats_current_timeframe Joins ... 72
url_reputation_stats_current_timeframe Sample Query ... 72
user_ids_stats_current_timeframe ... 72
user_ids_stats_current_timeframe Fields ... 72
user_ids_stats_current_timeframe Joins ... 73
user_ids_stats_current_timeframe Sample Query ... 73
user_stats_current_timeframe ... 74
user_stats_current_timeframe Fields ... 74
user_stats_current_timeframe Joins ... 74
user_stats_current_timeframe Sample Query ... 75
Schema: Discovery Event and Network Map Tables ... 77
application_host_map ... 81
application_host_map Fields ... 81
application_host_map Joins ... 83
application_host_map Sample Query ... 84
application_info ... 84
application_info Fields ... 84
application_info Joins ... 85
application_info Sample Query ... 85
application_tag_map ... 85
application_tag_map Fields ... 86
application_tag_map Joins ... 86
application_tag_map Sample Query ... 87
network_discovery_event ... 87
network_discovery_event Fields ... 87
network_discovery_event Joins ... 88
network_discovery_event Sample Query ... 88
rna_host ... 89
rna_host Fields ... 89
rna_host Joins ... 90
rna_host Sample Query ... 90
rna_host_attribute ... 90
rna_host_attribute Fields ... 91
rna_host_attribute Joins ... 91
rna_host_attribute Sample Query ... 91
rna_host_client_app ... 92
rna_host_client_app Fields ... 92
rna_host_client_app Joins ... 93
rna_host_client_app Sample Query ... 94
rna_host_client_app_payload ... 95
rna_host_client_app_payload Fields ... 95
rna_host_client_app_payload Joins ... 96
rna_host_client_app_payload Sample Query ... 97
rna_host_ioc_state ... 97
rna_host_ioc_state Fields ... 98
rna_host_ioc_state Joins ... 100
rna_host_ioc_state Sample Query ... 100
rna_host_ip_map ... 101
rna_host_ip_map Fields ... 101
rna_host_ip_map Joins ... 102
rna_host_ip_map Sample Query ... 103
rna_host_mac_map ... 103
rna_host_mac_map Fields ... 103
rna_host_mac_map Joins ... 104
rna_host_mac_map Sample Query ... 104
rna_host_os ... 104
rna_host_os Fields ... 105
rna_host_os Joins ... 106
rna_host_os Sample Query ... 106
rna_host_os_vulns ... 106
rna_host_os_vulns Fields ... 107
rna_host_os_vulns Joins ... 107
rna_host_os_vulns Sample Query ... 108
rna_host_protocol ... 108
rna_host_protocol Fields ... 108
rna_host_protocol Joins ... 109
rna_host_protocol Sample Query ... 109
rna_host_sensor ... 109
rna_host_sensor Fields ... 110
rna_host_sensor Joins ... 110
rna_host_sensor Sample Query ... 111
rna_host_service ... 111
rna_host_service Fields ... 111
rna_host_service Joins ... 112
rna_host_service Sample Query ... 112
rna_host_service_banner ... 113
rna_ip_host_service_banner Fields ... 113
rna_host_service_banner Joins ... 114
rna_host_service_banner Sample Query ... 114
rna_host_service_info ... 115
rna_host_service_info Fields ... 115
rna_host_service_info Joins ... 117
rna_host_service_info Sample Query ... 118
rna_host_service_payload ... 119
rna_host_service_payload Fields ... 119
rna_host_service_payload Joins ... 120
rna_host_service_payload Sample Query ... 121
rna_host_service_subtype ... 122
rna_host_service_subtype Fields ... 122
rna_host_service_subtype Joins ... 122
rna_host_service_subtype Sample Query ... 123
rna_host_service_vulns ... 123
rna_host_service_vulns Fields ... 123
rna_host_service_vulns Joins ... 124
rna_host_service_vulns Sample Query ... 124
rna_host_third_party_vuln ... 124
rna_host_third_party_vuln Fields ... 125
rna_host_third_party_vuln Joins ... 125
rna_host_third_party_vuln Sample Query ... 126
rna_host_third_party_vuln_bugtraq_id ... 126
rna_host_third_party_vuln_bugtraq_id Fields ... 126
rna_host_third_party_vuln_bugtraq_id Joins ... 127
rna_host_third_party_vuln_bugtraq_id Sample Query ... 127
rna_host_third_party_vuln_cve_id ... 127
rna_host_third_party_vuln_cve_id Fields ... 128
rna_host_third_party_vuln_cve_id Joins ... 129
rna_host_third_party_vuln_cve_id Sample Query ... 129
rna_host_third_party_vuln_rna_id ... 129
rna_host_third_party_vuln_rna_id Fields ... 130
rna_host_third_party_vuln_rna_id Joins ... 131
rna_host_third_party_vuln_rna_id Sample Query ... 131
rna_vuln ... 131
rna_vuln Fields ... 132
rna_vuln Joins ... 133
rna_vuln Sample Query ... 134
tag_info ... 134
tag_info Fields ... 134
tag_info Joins ... 134
tag_info Sample Query ... 135
url_categories ... 135
url_categories Fields ... 135
url_categories Joins ... 135
url_categories Sample Query ... 135
url_reputations ... 136
url_reputations Fields ... 136
url_reputations Joins ... 136
url_reputations Sample Query ... 136
user_ipaddr_history ... 136
user_ipaddr_history Fields ... 137
user_ipaddr_history Joins ... 138
user_ipaddr_history Sample Query ... 138
Schema: Connection Log Tables ... 139
connection_log ... 139
connection_log Fields ... 140
connection_log Joins ... 146
connection_log Sample Query ... 146
connection_summary ... 146
connection_summary Fields ... 147
connection_summary Joins ... 149
connection_summary Sample Query ... 149
si_connection_log ... 150
si_connection_log Fields ... 150
si_connection_log Joins ... 155
si_connection_log Sample Query ... 156
Schema: User Activity Tables ... 157
discovered_users ... 157
discovered_users Fields ... 157
discovered_users Joins ... 158
discovered_users Sample Query ... 158
user_discovery_event ... 159
user_discovery_event Fields ... 159
user_discovery_event Joins ... 160
user_discovery_event Sample Query ... 160
Schema: Correlation Tables ... 161
compliance_event ... 161
compliance_event Fields ... 162
compliance_event Joins ... 165
compliance_event Sample Query ... 166
remediation_status ... 166
remediation_status Fields ... 166
remediation_status Joins ... 167
remediation_status Sample Query ... 167
white_list_event ... 167
white_list_event Fields ... 168
white_list_event Joins ... 169
white_list_event Sample Query ... 169
white_list_violation ... 169
white_list_violation Fields ... 170
white_list_violation Joins ... 170
white_list_violation Sample Query ... 170
Schema: File Event Tables ... 171
file_event ... 171
file_event Fields ... 172
file_event Joins ... 175
file_event Sample Query ... 176
Deprecated Tables ... 177
Index ... 179
Size: 2 MB, Pages: 180, Language: English
Installation Guide
Table of contents: Introduction to Cisco NGIPS for Blue Coat X-Series (5); Prerequisites for Installing Cisco NGIPS for Blue Coat X-Series (6); Components of the FireSIGHT System (7); FireSIGHT (8); Access Control (8); Intrusion Detection and Prevention (8); File Tracking, Control, and Malware Protection (9); Understanding Cisco NGIPS for Blue Coat X-Series Capabilities (9); Licensing the FireSIGHT System (10); Security, Internet Access, and Communication Ports (12); Internet Access Requirements (12); Communication Ports Requirements (12); What’s Next? (13); Understanding Deployment (15); Understanding Sensing Circuits (15); Understanding VAPs and VAP Groups (16); Understanding Redundancy and Load Balancing (17); Understanding Access Control Policies (17); Understanding Deployment Scenarios (18); Using a Passive Deployment (18); External Tap in a Passive Deployment (18); Internal Tap in a Passive Deployment (19); Using an Inline Deployment (19); Installing Cisco NGIPS for Blue Coat X-Series (21); Before You Begin (21); Uninstalling Previous Versions of Cisco NGIPS for Blue Coat X-Series (22); Pre-Staging Cisco NGIPS for Blue Coat X-Series (22); Preparing for the Installation (22); Setting Up a VAP Group (23); Identifying APMs to Use (23); Creating and Configuring a VAP Group (24); Configuring the Management Circuits (25); Configuring Sensing Circuits (27); Creating Monitor Circuits (28); Creating Template Circuits (28); Creating Child Circuits (29); Configuring Bridge-Mode Bridges (30); Associating Physical Ports with Circuits (30); Using Optional Settings (32); Configuring IP Routes (32); Configuring IPv6 Detection (32); Configuring Jumbo Frame Support (33); Installing Cisco NGIPS for Blue Coat X-Series (34); Loading Cisco NGIPS for Blue Coat X-Series on the CPM (34); Installing Cisco NGIPS for Blue Coat X-Series on a VAP Group (35); Verifying the Installation (36); Uninstalling Cisco NGIPS for Blue Coat X-Series (37); Setting Up the Defense Center (39); Adding Cisco NGIPS for Blue Coat X-Series to the Defense Center (39); Configuring Security Zones and Inline Sets (41); Reconfiguring Interfaces (42); Managing Cisco NGIPS for Blue Coat X-Series (43); Adding Additional VAPs to a VAP Group (43); Editing Load-Balanced VAP Groups (44); Using the Configuration Menu (45); Changing the Management Interface (46); Changing the Managing Defense Center (46); Changing the Registration Key (47); Changing the Unique NAT ID (47); Changing Application Monitoring Status (48); Command Reference (49)
Size: 2 MB. Pages: 50. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Terminology (2); Changed Functionality (3); Features and Functionality Introduced in Previous Versions (3); Version 5.4.1.1 (3); Dedicated AMP Appliances (3); Version 5.4.1 (3); FirePOWER Services Management Capabilities (3); Platform Enhancements (4); International Compatibility Enhancements (5); Detection and Security Enhancements (5); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.8 and Version 5.4.1.7 (11); Time and Disk Space Requirements for Updating to Version 5.4.0.8 and Version 5.4.1.7 (11); Product Compatibility After Updating to Version 5.4.0.8 and Version 5.4.1.7 (12); Returning to a Previous Version (14); Reimage Appliances (14); Installing the Update (15); Updating Defense Centers (16); Updating Managed Devices, ASA FirePOWER Modules (18); Resolved Issues (20); Issues Resolved in Previous Versions (21); Known Issues (38); For Assistance (49)
Size: 2 MB. Pages: 50. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Terminology (2); Changed Functionality (3); Features and Functionality Introduced in Previous Versions (3); Version 5.4.1.1 (3); Dedicated AMP Appliances (3); Version 5.4.1 (3); FirePOWER Services Management Capabilities (3); Platform Enhancements (4); International Compatibility Enhancements (5); Detection and Security Enhancements (5); Previously Changed Functionality (5); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (8); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.9 and Version 5.4.1.8 (10); Time and Disk Space Requirements for Updating to Version 5.4.0.9 and Version 5.4.1.8 (11); Product Compatibility After Updating to Version 5.4.0.9 and Version 5.4.1.8 (11); Returning to a Previous Version (13); Reimage Appliances (13); Installing the Update (14); Updating Defense Centers (15); Updating Managed Devices (17); Resolved Issues (19); Issues Resolved in Previous Versions (21); Known Issues (37); For Assistance (49)
Size: 2 MB. Pages: 50. Language: English.
Table of contents: Introduction (5); Major Changes to the User Agent Version 2.2 (5); Understanding User Agents (5); Understanding User Agent Functionality (6); Understanding Legacy Agent Support (8); Understanding Agents and Access Control in Version 5.x (8); Understanding the Users Database (8); Understanding the User Activity Database (9); Understanding the Access-Controlled Users Database (9); User Data Collection Limitations (10); Setting up a User Agent (13); Preparing to Connect to a Version 4.x Defense Center (14); Preparing to Connect to a Version 5.x Defense Center (15); Setting up a User Agent on the Defense Center (15); Setting up an LDAP Connection to Allow User Access Control (15); Configuring Permissions to Connect to an Active Directory Server (16); Enabling Idle Session Timeouts (17); Preparing the Computer for User Agent Installation (18); Backing Up User Agent Configurations (19); Installing a User Agent (20); Configuring a User Agent (21); Configuring User Agent Active Directory Server Connections (22); Configuring User Agent Defense Center Connections (25); Configuring User Agent Excluded Username Settings (26); Configuring User Agent Excluded Addresses Settings (27); Configuring User Agent Logging Settings (28); Configuring General User Agent Settings (29); Configuring User Agent Maintenance Settings (30)
Size: 600 KB. Pages: 32. Language: English.
Release Notes
Table of contents: Installing the Pre-Installation Package on a Defense Center (1); Installing the Pre-Installation Package to Managed Devices (2); Installing the Pre-Installation Package locally via ASDM (2); Resolved Caveats (3); For Assistance (3)
Size: 200 KB. Pages: 4. Language: English.
Release Notes
Table of contents: Changed Functionality (2); Features and Functionality Added in Previous Releases (2); Management of Cisco ASA with FirePOWER Services (2); Feature Limitations of Cisco ASA with FirePOWER Services (2); Terminology (3); Features Introduced in Previous Versions (4); Documentation Updates (4); Before You Begin: Important Update and Compatibility Notes (6); Configuration and Event Backup Guidelines (6); Traffic Flow and Inspection During the Update (6); Audit Logging During the Update (7); Version Requirements for Updating to Version 5.3.1.6 (7); Time and Disk Space Requirements for Updating to Version 5.3.1.6 (7); Product Compatibility After Updating to Version 5.3.1.6 (8); Installing the Update (9); Updating Defense Centers (10); Updating Cisco ASA with FirePOWER Services (13); Uninstalling the Update (14); Planning the Uninstallation (15); Uninstalling the Update from a ASA FirePOWER Device (15); Uninstalling the Update from a Defense Center (16); Resolved Issues (17); Known Issues (23); Assistance (29)
Size: 400 KB. Pages: 30. Language: English.
Technical Manual
Table of contents: Contents (1); Introduction (1); Prerequisites (1); Components Used (1); Network Diagram (1); Configuration (2); EIGRP Example (2); OSPF Example (2); BGP Example (3); Verification (4); EIGRP (5); OSPF (5); BGP (5); Troubleshooting (5)
Size: 200 KB. Pages: 5. Language: English.
Installation Guide
Table of contents: Cisco Firepower Management Center Getting Started Guide (1); Package Contents (1); Chassis Models (1); Included Items (2); License Requirements (3); Installing the Firepower Management Center (3); Management Center Initial Setup (4); Management Center Setup Using the Management Interface (5); Management Center Setup Using a Keyboard and Monitor (KVM) (5); Initial Setup Page: Management Centers (6); Setup Options (7); Next Steps (10); Redirecting Console Output (11); Using the Shell to Redirect the Console Output (11); Using the Web Interface to Redirect the Console Output (12); Restoring a Firepower Management Center to Factory Defaults (12); Before You Begin (13); Configuration and Event Backup Guidelines (13); Traffic Flow During the Restore Process (13); Understanding the Restore Process (13); Obtaining the Restore ISO and Update Files (14); Beginning the Restore Process (15); Starting the Restore Utility Using KVM or Physical Serial Port (15); Starting the Restore Utility Using Lights-Out Management (16); Using the Interactive Menu to Restore an Appliance (17); Identifying the Appliance’s Management Interface (18); Specifying ISO Image Location and Transport Method (19); Updating System Software and Intrusion Rules During Restore (20); Downloading the ISO and Update Files and Mounting the Image (20); Invoking the Restore Process (21); Saving and Loading Restore Configurations (22); Next Steps (23); Setting Up Lights-Out Management (24); Enabling LOM and LOM Users (25); Installing an IPMI Utility (26); Preconfiguring Firepower Management Centers (26); Before You Begin (27); Required Preconfiguration Information (27); Optional Preconfiguration Information (27); Preconfiguring Time Management (27); Installing the System (28); Preparing the Appliance for Shipment (28); Deleting a License from a Management Center (28); Powering Down the Appliance (28); Shipping Considerations (28); Troubleshooting the Appliance Preconfiguration (29); Scrubbing the Hard Drive (29); Related Documentation (30)
Size: 1 MB. Pages: 30. Language: English.
Release Notes
Table of contents: Changed Functionality (2); Features and Functionality Added in Previous Releases (2); Management of Cisco ASA with FirePOWER Services (2); Feature Limitations of Cisco ASA with FirePOWER Services (2); Terminology (3); Features Introduced in Previous Versions (4); Documentation Updates (4); Before You Begin: Important Update and Compatibility Notes (6); Configuration and Event Backup Guidelines (6); Traffic Flow and Inspection During the Update (7); Audit Logging During the Update (7); Version Requirements for Updating to Version 5.3.1.3 (7); Time and Disk Space Requirements for Updating to Version 5.3.1.3 (8); Product Compatibility After Updating to Version 5.3.1.3 (8); Installing the Update (9); Updating Defense Centers (11); Updating Cisco ASA with FirePOWER Services (13); Uninstalling the Update (14); Planning the Uninstallation (15); Uninstalling the Update from a ASA FirePOWER Device (15); Uninstalling the Update from a Defense Center (16); Resolved Issues (17); Known Issues (20); Assistance (25)
Size: 400 KB. Pages: 26. Language: English.
Release Notes
Table of contents: Supported Platforms and Environments (1); Management Capability (3); Management Capability: Firepower Management Center (3); Local Management Capability: ASA FirePOWER Module, Firepower Device Manager, and 7000 and 8000 Series Devices (4); New Features and Functionality (5); Changed Functionality (11); Deprecated Functionality (12); Terminology and Documentation (12); Compatibility (14); Integrated Product Compatibility (14); Web Browser Compatibility (14); Screen Resolution Compatibility (15); Updating vs. Reimaging vs. Deploying (15); Important Update Notes (16); Update Paths to Version 6.1.0 (16); Update Interface Options (18); Update Sequence Guidelines (18); Pre-Update System Readiness Checks (19); Running a Readiness Check via the Shell (20); Pre-Update Configuration and Event Backups (20); Traffic Flow and Inspection During the Update (20); Additional Memory Requirements (21); Time and Disk Space Requirements (21); Post-Update Tasks (22); Updating to Version 6.1.0 (22); Updating Firepower Management Centers and Firepower Management Centers Virtual (23); Updating Firepower Threat Defense Device with the Firepower Device Manager (25); Updating Firepower Threat Defense Devices using the Firepower Management Center (25); Updating 7000 and 8000 Series Devices, Firepower NGIPSv, and ASA FirePOWER Modules (26); Updating ASA FirePOWER Modules Managed via ASDM (28); Resolved Issues (29); Known Issues (35); For Assistance (39)
Size: 2 MB. Pages: 40. Language: English.
Release Notes
Table of contents: Supported Platforms and Compatibility (1); Supported Platforms (1); Management Platform-Managed Device Compatibility (2); New Features and Functionality (5); New Features (5); Expanded Threat Protection (5); Enhanced Network Visibility and Control (6); Improved Threat Defense Against Advanced Persistent Threats (7); Expanded Management Functionality (7); Changed Functionality (8); Updated Terminology (8); Updated Documentation (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Applying the Version 6.0 Pre-Installation Package (9); Break Firepower Management Center High Availability Prior to Upgrade (10); Update Firepower Management Center Memory for MC750 and MC1500 and Management Centers Virtual (10); Update Management Center HTTPS Certificates to Version 6.0 (11); Traffic Flow and Inspection During the Update (11); Audit Logging During the Update (12); Time and Disk Space Requirements for Updating to Version 6.0 (12); Firepower Version Requirements for Updating to Version 6.0 (13); Web Browser and Screen Resolution Compatibility in Version 6.0 (14); Integrated Product Compatibility in Version 6.0 (14); Installing the Update (15); Updating Firepower Management Centers (16); Preventing URL Cache Miss Lookup Retries (18); Updating Managed Devices and ASA FirePOWER Modules (18); Resolved Issues (20); Known Issues (27); For Assistance (31)
Size: 1 MB. Pages: 32. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Terminology (2); Changed Functionality (3); Features and Functionality Introduced in Previous Versions (3); Version 5.4.1.1 (3); Dedicated AMP Appliances (3); Version 5.4.1 (3); FirePOWER Services Management Capabilities (3); Platform Enhancements (4); International Compatibility Enhancements (5); Detection and Security Enhancements (5); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.7 and Version 5.4.1.6 (10); Time and Disk Space Requirements for Updating to Version 5.4.0.7 and Version 5.4.1.6 (11); Product Compatibility After Updating to Version 5.4.0.7 and Version 5.4.1.6 (12); Returning to a Previous Version (13); Reimage Appliances (14); Installing the Update (14); Updating Defense Centers (16); Updating Managed Devices, ASA FirePOWER Modules (18); Resolved Issues (20); Issues Resolved in Previous Versions (22); Known Issues (36); For Assistance (46)
Size: 2 MB. Pages: 46. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Platform Enhancements (2); Dedicated AMP Appliances (2); FirePOWER Services Management Capabilities (2); Terminology (3); Features and Functionality Introduced in Previous Versions (4); FirePOWER Services Management Capabilities (4); Platform Enhancements (5); International Compatibility Enhancements (6); Detection and Security Enhancements (6); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.2 and Version 5.4.1.1 (10); Time and Disk Space Requirements for Updating to Version 5.4.0.2 and Version 5.4.1.1 (11); Product Compatibility After Updating to Version 5.4.0.2 and Version 5.4.1.1 (11); Returning to a Previous Version (13); Reimage Appliances (13); Installing the Update (14); Updating Defense Centers (16); Updating Managed Devices, ASA FirePOWER Modules, and Cisco NGIPS for Blue Coat X-Series (17); Resolved Issues (19); Issues Resolved in Previous Versions (21); Known Issues (26); For Assistance (30)
Size: 1 MB. Pages: 32. Language: English.
Release Notes
Table of contents: Supported Platforms and Compatibility (1); Supported Platforms (1); Management Platform-Managed Device Compatibility (3); New Features and Functionality (7); New Features (7); Fully Integrated, Threat-Focused Next-Generation Firewall (7); Firepower Threat Defense (7); Firepower 4100 Series (7); Firepower 9300 Series (7); Updated Terminology (8); Updated Documentation (8); Features and Changed Functionality Introduced in Previous Versions (8); Version 6.0 (8); Expanded Threat Protection (9); Enhanced Network Visibility and Control (9); Improved Threat Defense Against Advanced Persistent Threats (10); Expanded Management Functionality (10); Before You Begin: Important Update and Compatibility Notes (11); Configuration and Event Backup Guidelines (12); Firepower Management Center High Availability in Version 6.0.x (12); Traffic Flow and Inspection During the Update (12); Audit Logging During the Update (13); Time and Disk Space Requirements for Updating to Version 6.0.1 (13); Firepower Version Requirements for Updating to Version 6.0.1 (15); Web Browser and Screen Resolution Compatibility in Version 6.0.1 (15); Integrated Product Compatibility in Version 6.0.1 (16); Installing the Update (16); Updating Firepower Management Centers (18); Updating Managed Devices and ASA Firepower modules (20); Updating Firepower Threat Defense Devices (22); Resolved Issues (23); Known Issues (32); For Assistance (43)
Size: 2 MB. Pages: 44. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Terminology (2); Changed Functionality (3); Features and Functionality Introduced in Previous Versions (3); Version 5.4.1.1 (3); Dedicated AMP Appliances (3); Version 5.4.1 (3); FirePOWER Services Management Capabilities (3); Platform Enhancements (4); International Compatibility Enhancements (5); Detection and Security Enhancements (5); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5 (10); Time and Disk Space Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5 (10); Product Compatibility After Updating to Version 5.4.0.6 and Version 5.4.1.5 (11); Returning to a Previous Version (13); Reimage Appliances (13); Installing the Update (14); Updating Defense Centers (15); Preventing URL Cache Miss Lookup Retries (17); Updating Managed Devices, ASA FirePOWER Modules (18); Resolved Issues (20); Issues Resolved in Previous Versions (22); Known Issues (33); For Assistance (40)
Size: 2 MB. Pages: 42. Language: English.
Information Guide
Table of contents: Cisco Firepower Compatibility Guide (1); Introduction (1); Terminology and Branding (1); General Terminology (1); Management Terminology (2); Device Terminology (2); Device Platforms by Management Method and Version (3); Understanding Version 5.x Release Sequences (5); Device Platforms (6); Firepower Threat Defense Devices (6); Firepower Threat Defense on ASA Devices (6); Firepower Threat Defense on FXOS-Based Devices (7); Firepower Threat Defense Virtual (7); ASA FirePOWER Devices (7); ASA5506-X Series, ASA5508-X, ASA5516-X (8); ASA5585-X Series, ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X (8); ISA3000 (9); Firepower 7000/8000 Series and Legacy Devices (9); 7000/8000 Series and Legacy Devices (9); NGIPSv (Virtual Managed Devices) (9); Cisco NGIPS for Blue Coat X-Series (10); Firepower Management Centers (10); Firepower Management Centers: Physical (10); Firepower Management Centers: Virtual (11); Integrated Product Compatibility (12); Additional Resources (12)
Size: 400 KB. Pages: 13. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Terminology (2); Features and Functionality Introduced in Previous Versions (3); Version 5.4.1.1 (3); Dedicated AMP Appliances (3); FirePOWER Services Management Capabilities (3); Version 5.4.1 (4); FirePOWER Services Management Capabilities (4); Platform Enhancements (5); International Compatibility Enhancements (6); Detection and Security Enhancements (6); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (10); Audit Logging During the Update (11); Version Requirements for Updating to Version 5.4.0.4 and version 5.4.1.3 (11); Time and Disk Space Requirements for Updating to Version 5.4.0.4 and version 5.4.1.3 (11); Product Compatibility After Updating to Version 5.4.0.4 and version 5.4.1.3 (12); Returning to a Previous Version (13); Reimage Appliances (14); Installing the Update (15); Updating Defense Centers (16); Updating Managed Devices, ASA FirePOWER Modules, and Cisco NGIPS for Blue Coat X-Series (18); Resolved Issues (20); Issues Resolved in Previous Versions (21); Known Issues (30); For Assistance (37)
Size: 2 MB. Pages: 38. Language: English.
Release Notes
Table of contents: Before You Begin (1); Installing the Update (2); Updating the Firepower Management Center (2); Uninstalling the Pre-Install (3); Resolved Caveats (4); For Assistance (4)
Size: 300 KB. Pages: 6. Language: English.
Release Notes
Table of contents: New Features and Functionality (2); Platform Enhancements (2); Terminology (3); Changed Functionality (3); Features and Functionality Introduced in Previous Versions (4); FirePOWER Services Management Capabilities (4); Platform Enhancements (5); International Compatibility Enhancements (5); Detection and Security Enhancements (6); Previously Changed Functionality (6); Documentation Updates (8); Before You Begin: Important Update and Compatibility Notes (9); Configuration and Event Backup Guidelines (9); Traffic Flow and Inspection During the Update (9); Audit Logging During the Update (10); Version Requirements for Updating to Version 5.4.0.3 and Version 5.4.1.2 (10); Time and Disk Space Requirements for Updating to Version 5.4.0.3 and Version 5.4.1.2 (11); Product Compatibility After Updating to Version 5.4.0.3 and Version 5.4.1.2 (11); Returning to a Previous Version (13); Reimage Appliances (13); Installing the Update (14); Updating Defense Centers (16); Updating Managed Devices, and ASA FirePOWER Modules, and Cisco NGIPS for Blue Coat X-Series (18); Resolved Issues (20); Issues Resolved in Previous Versions (22); Known Issues (29); For Assistance (35)
Size: 2 MB. Pages: 36. Language: English.
Release Notes
Table of contents: Supported Platforms and Compatibility (1); Supported Platforms (1); Management Platform-Managed Device Compatibility (3); New Features and Functionality (7); New Features (7); Changed Functionality (7); Updated Terminology (8); Updated Documentation (8); Features and Changed Functionality Introduced in Previous Versions (8); Version 6.0.1 (8); Fully Integrated, Threat-Focused Next-Generation Firewall (8); Firepower Threat Defense (8); Firepower 4100 Series (9); Firepower 9300 Series (9); Version 6.0 (9); Expanded Threat Protection (9); Enhanced Network Visibility and Control (9); Improved Threat Defense Against Advanced Persistent Threats (10); Expanded Management Functionality (11); Before You Begin: Important Update and Compatibility Notes (12); Configuration and Event Backup Guidelines (12); Traffic Flow and Inspection During the Update (12); Audit Logging During the Update (13); Time and Disk Space Requirements for Updating to Version 6.0.1.2 (14); Firepower Version Requirements for Updating to Version 6.0.1.2 (15); Web Browser and Screen Resolution Compatibility in Version 6.0.1.2 (16); Integrated Product Compatibility in Version 6.0.1.2 (16); Installing the Update (16); Updating Firepower Management Centers (18); Updating 7000 Series, 8000 Series, NGIPSv, and ASA FirePOWER (20); Updating Firepower Threat Defense Devices (22); Uninstalling the Update (23); Planning the Uninstallation (24); Uninstalling the Update from a Managed Device (25); Uninstalling the Update from a Virtual Managed Device (26); Uninstalling the Update from a Cisco ASA with FirePOWER Services (26); Uninstalling the Update from a Firepower Management Center (27); Uninstalling the Update from a Cisco ASA with FirePOWER Services Managed by ASDM (28); Resolved Issues (28); Known Issues (41); For Assistance (54)
Size: 2 MB. Pages: 56. Language: English.
Release Notes
Table of contents: Changed Functionality (2); Features and Functionality Added in Previous Releases (2); Management of Cisco ASA with FirePOWER Services (2); Feature Limitations of Cisco ASA with FirePOWER Services (2); Terminology (3); Features Introduced in Previous Versions (4); Documentation Updates (4); Before You Begin: Important Update and Compatibility Notes (6); Configuration and Event Backup Guidelines (7); Traffic Flow and Inspection During the Update (7); Audit Logging During the Update (7); Version Requirements for Updating to Version 5.3.1.5 (7); Time and Disk Space Requirements for Updating to Version 5.3.1.5 (8); Product Compatibility After Updating to Version 5.3.1.5 (8); Installing the Update (9); Updating Defense Centers (11); Updating Cisco ASA with FirePOWER Services (13); Uninstalling the Update (15); Planning the Uninstallation (15); Uninstalling the Update from a ASA FirePOWER Device (15); Uninstalling the Update from a Defense Center (16); Resolved Issues (17); Known Issues (22); Assistance (28)
Size: 400 KB. Pages: 30. Language: English.
Release Notes
Table of contents: Before You Begin: Important Update Notes (1); Installing the Update (2); Updating the Firepower Management Center (3); Updating Managed Devices (4); Updating ASA FirePOWER modules locally via ASDM (4); Uninstalling the Pre-Install from the Firepower Management Center (5); Resolved Caveats (5); For Assistance (6)
Size: 300 KB. Pages: 6. Language: English.
Documentation Roadmaps
Table of contents: Current Documentation (Version 6.0 and Later) (1); Compatibility Guide (1); Release Notes (1); Configuration Guides (2); Firepower Management Center (3); ASA with FirePOWER Services Local Management via ASDM (3); Firepower Device Manager (3); Command Reference Guides (4); Hardware Installation Guides (4); Quick Start and Getting Started Guides (4); Firepower Management Center Quick Start Guides (4); Firepower Threat Defense Quick Start Guides (5); Firepower Classic Device and ASA Firepower Services Quick Start Guides (5); Integration API Documentation (6); User Agent Documentation (6); SSL Appliance Documentation (7); Cisco SSL Appliance, Version 3.8.x (7); Cisco SSL Appliance Release Notes, Version 3.8.x (7); Cisco SSL Appliance Getting Started Guides, Version 3.8.x (7); Cisco SSL Appliance Administration Guides, Version 3.8.x (7); Sourcefire SSL Appliance, Version 3.7.x (8); Sourcefire SSL Appliance Release Notes, Version 3.7.x (8); Sourcefire SSL Appliance Getting Started Guides, Version 3.7.x (8); Sourcefire SSL Appliance Administration Guides, Version 3.7.x (8); Sourcefire SSL Appliance, Version 3.6.x (8); Sourcefire SSL Appliance Release Notes, Version 3.6.x (8); Sourcefire SSL Appliance Getting Started Guides, Version 3.6.x (8); Sourcefire SSL Appliance Administration Guides, Version 3.6.x (9); Legacy Documentation (Version 5.4.x and Earlier) (9); FireSIGHT System Documentation, Version 5.4.0.x and Version 5.4.1.x (9); FireSIGHT System Release Notes, Version 5.4.x (9); ASA FirePOWER Quick Start Guide (10); ASA FirePOWER Module User Guide, Version 5.4.1.x (11); Regulatory Compliance and Safety Information for FirePOWER and FireSIGHT Appliances (11); FireSIGHT System Installation Guides, Version 5.4.x (11); FireSIGHT System User Guide, Version 5.4.x (11); FireSIGHT System Integration Guides, Version 5.4.x (11); FireSIGHT System Documentation, Version 5.3.1.x (12); FireSIGHT System Release Notes, Version 5.3.1.x (12); ASA FirePOWER Quick Start Guide (13); FireSIGHT System Installation Guides, Version 5.3.1.x (13); FireSIGHT System User Guide, Version 5.3.1.x (13); FireSIGHT System Integration Guides, Version 5.3.1.x (13); Sourcefire 3D System Documentation (14); Sourcefire 3D System, Version 5.3.0.x (14); Sourcefire 3D System Release Notes, Version 5.3.0.x (14); Sourcefire 3D System Installation Guides, Version 5.3.0.x (15); Sourcefire 3D System User Guide, Version 5.3.0.x (15); Sourcefire 3D System Quick Start Guides, Version 5.3.0.x (15); Sourcefire 3D System Integration Guides, Version 5.3.0.x (16); Sourcefire 3D System, Version 5.2.x (16); Sourcefire 3D System Release Notes, Version 5.2.x (17); Sourcefire 3D System Installation Guides, Version 5.2.x (17); Sourcefire 3D System User Guide, Version 5.2.x (17); Sourcefire 3D System Quick Start Guides, Version 5.2.x (17); Sourcefire 3D System Integration Guides, Version 5.2.x (18); Migration Guide, Version 5.2.x (18); FireSIGHT System User Agent (19); Sourcefire 3D System Qualys Connector, Version 1.0.1 (19)
Size: 200 KB. Pages: 20. Language: English.
Release Notes
Table of contents:
- Resolved Issues (p. 1)
- For Assistance (p. 1)
Size: 100 KB. Pages: 2. Language: English.
Release Notes
Table of contents:
- Supported Platforms and Compatibility (p. 1)
- Supported Platforms (p. 1)
- Management Platform-Managed Device Compatibility (p. 2)
- New Features and Functionality (p. 5)
- New Features (p. 5)
- Changed Functionality (p. 5)
- Updated Terminology (p. 5)
- Updated Documentation (p. 6)
- Features and Functionality Introduced in Previous Versions (p. 6)
- Version 6.0.0 (p. 6)
- Expanded Threat Protection (p. 7)
- Enhanced Network Visibility and Control (p. 7)
- Improved Threat Defense Against Advanced Persistent Threats (p. 8)
- Expanded Management Functionality (p. 9)
- Before You Begin: Important Update and Compatibility Notes (p. 9)
- Configuration and Event Backup Guidelines (p. 9)
- Traffic Flow and Inspection During the Update (p. 10)
- Audit Logging During the Update (p. 11)
- Time and Disk Space Requirements for Updating to Version 6.0.0.1 (p. 11)
- Firepower Version Requirements for Updating to Version 6.0.0.1 (p. 12)
- Web Browser and Screen Resolution Compatibility in Version 6.0.0.1 (p. 13)
- Integrated Product Compatibility in Version 6.0.0.1 (p. 13)
- Installing the Update (p. 14)
- Updating Firepower Management Centers (p. 15)
- Updating Managed Devices and ASA FirePOWER Modules via the Firepower Management Center (p. 18)
- Updating ASA FirePOWER modules Managed by ASDM (p. 20)
- Uninstalling the Update (p. 21)
- Planning the Uninstallation (p. 21)
- Uninstalling the Update from a Managed Device (p. 22)
- Uninstalling the Update from a Cisco ASA with FirePOWER Services (p. 23)
- Uninstalling the Update from a NGIPSv (p. 24)
- Uninstalling the Update from a Firepower Management Center (p. 24)
- Uninstalling the Update from a Cisco ASA with FirePOWER Services Managed by ASDM (p. 25)
- Resolved Issues (p. 26)
- Issues Resolved in Previous Versions (p. 26)
- Known Issues (p. 33)
- For Assistance (p. 39)
Size: 2 MB. Pages: 40. Language: English.
Release Notes
Table of contents:
- Changed Functionality (p. 2)
- Features and Functionality Added in Previous Releases (p. 2)
- Management of Cisco ASA with FirePOWER Services (p. 2)
- Feature Limitations of Cisco ASA with FirePOWER Services (p. 3)
- Terminology (p. 3)
- Documentation Updates (p. 4)
- Before You Begin: Important Update and Compatibility Notes (p. 5)
- Configuration and Event Backup Guidelines (p. 6)
- Traffic Flow and Inspection During the Update (p. 6)
- Audit Logging During the Update (p. 7)
- Version Requirements for Updating to Version 5.3.1.1 (p. 7)
- Time and Disk Space Requirements for Updating to Version 5.3.1.1 (p. 7)
- Product Compatibility After Updating to Version 5.3.1.1 (p. 8)
- Returning to a Previous Version (p. 9)
- Installing the Update (p. 9)
- Updating Defense Centers (p. 10)
- Updating Cisco ASA with FirePOWER Services (p. 13)
- Using the Shell to Perform the Update (p. 14)
- Uninstalling the Update (p. 15)
- Planning the Uninstallation (p. 16)
- Uninstalling the Update from an ASA FirePOWER Device (p. 16)
- Uninstalling the Update from a Defense Center (p. 17)
- Resolved Issues (p. 18)
- Known Issues (p. 20)
- Assistance (p. 24)
Size: 500 KB. Pages: 24. Language: English.
Release Notes
Table of contents:
- New Features and Functionality (p. 2)
- Terminology (p. 2)
- Changed Functionality (p. 3)
- Features and Functionality Introduced in Previous Versions (p. 3)
- Version 5.4.1.1 (p. 3)
- Dedicated AMP Appliances (p. 3)
- Version 5.4.1 (p. 4)
- FirePOWER Services Management Capabilities (p. 4)
- Platform Enhancements (p. 4)
- International Compatibility Enhancements (p. 5)
- Detection and Security Enhancements (p. 5)
- Previously Changed Functionality (p. 6)
- Documentation Updates (p. 8)
- Before You Begin: Important Update and Compatibility Notes (p. 9)
- Configuration and Event Backup Guidelines (p. 9)
- Traffic Flow and Inspection During the Update (p. 9)
- Audit Logging During the Update (p. 10)
- Version Requirements for Updating to Version 5.4.0.5 and Version 5.4.1.4 (p. 10)
- Time and Disk Space Requirements for Updating to Version 5.4.0.5 and Version 5.4.1.4 (p. 10)
- Product Compatibility After Updating to Version 5.4.0.5 and Version 5.4.1.4 (p. 11)
- Returning to a Previous Version (p. 13)
- Reimage Appliances (p. 13)
- Installing the Update (p. 14)
- Updating Defense Centers (p. 16)
- Updating Managed Devices, ASA FirePOWER Modules, and Cisco NGIPS for Blue Coat X-Series (p. 17)
- Resolved Issues (p. 19)
- Issues Resolved in Previous Versions (p. 21)
- Known Issues (p. 31)
- For Assistance (p. 38)
Size: 2 MB. Pages: 40. Language: English.
Release Notes
Table of contents:
- Changed Functionality (p. 2)
- Features and Functionality Added in Previous Releases (p. 2)
- Management of Cisco ASA with FirePOWER Services (p. 2)
- Feature Limitations of Cisco ASA with FirePOWER Services (p. 2)
- Terminology (p. 3)
- Features Introduced in Previous Versions (p. 4)
- Documentation Updates (p. 4)
- Before You Begin: Important Update and Compatibility Notes (p. 6)
- Configuration and Event Backup Guidelines (p. 6)
- Traffic Flow and Inspection During the Update (p. 6)
- Audit Logging During the Update (p. 7)
- Version Requirements for Updating to Version 5.3.1.7 (p. 7)
- Time and Disk Space Requirements for Updating to Version 5.3.1.7 (p. 7)
- Product Compatibility After Updating to Version 5.3.1.7 (p. 8)
- Installing the Update (p. 9)
- Updating Defense Centers (p. 10)
- Updating Cisco ASA with FirePOWER Services (p. 13)
- Uninstalling the Update (p. 14)
- Planning the Uninstallation (p. 15)
- Uninstalling the Update from an ASA FirePOWER Device (p. 15)
- Uninstalling the Update from a Defense Center (p. 16)
- Resolved Issues (p. 17)
- Known Issues (p. 23)
- Assistance (p. 30)
Size: 400 KB. Pages: 32. Language: English.
Release Notes
Table of contents:
- Install Hotfix O on ASA Firepower modules via the Firepower Management Center (p. 1)
- Install Hotfix O on ASA Firepower modules via ASDM (p. 2)
- Resolved Issues (p. 3)
- For Assistance (p. 3)
Size: 200 KB. Pages: 4. Language: English.
Release Notes
Table of contents:
- Update Sequence Guidelines (p. 1)
- Installing the Pre-Installation Package on a Firepower Management Center (p. 2)
- Installing the Pre-Installation Package to 7000 and 8000 Series Devices, Firepower NGIPSv, and ASA FirePOWER modules (p. 2)
- Installing the Pre-Installation Package to ASA FirePOWER module managed via ASDM (p. 3)
- Installing the Pre-Installation Package on Firepower Threat Defense devices (p. 4)
- Resolved Issues (p. 5)
- For Assistance (p. 6)
Size: 300 KB. Pages: 6. Language: English.
Release Notes
Table of contents:
- Changed Functionality (p. 2)
- Features and Functionality Added in Previous Releases (p. 2)
- Management of Cisco ASA with FirePOWER Services (p. 2)
- Feature Limitations of Cisco ASA with FirePOWER Services (p. 2)
- Terminology (p. 3)
- Features Introduced in Previous Versions (p. 4)
- Documentation Updates (p. 4)
- Before You Begin: Important Update and Compatibility Notes (p. 6)
- Configuration and Event Backup Guidelines (p. 6)
- Traffic Flow and Inspection During the Update (p. 7)
- Audit Logging During the Update (p. 7)
- Version Requirements for Updating to Version 5.3.1.4 (p. 7)
- Time and Disk Space Requirements for Updating to Version 5.3.1.4 (p. 7)
- Product Compatibility After Updating to Version 5.3.1.4 (p. 8)
- Installing the Update (p. 9)
- Updating Defense Centers (p. 11)
- Updating Cisco ASA with FirePOWER Services (p. 13)
- Uninstalling the Update (p. 14)
- Planning the Uninstallation (p. 15)
- Uninstalling the Update from an ASA FirePOWER Device (p. 15)
- Uninstalling the Update from a Defense Center (p. 16)
- Resolved Issues (p. 17)
- Known Issues (p. 21)
- Assistance (p. 27)
Size: 400 KB. Pages: 28. Language: English.
Release Notes
Table of contents:
- New Features and Functionality (p. 2)
- Management of Cisco ASA with FirePOWER Services (p. 2)
- Feature Limitations of Cisco ASA with FirePOWER Services (p. 2)
- Terminology (p. 3)
- Documentation Updates (p. 4)
- Before You Begin: Important Update and Compatibility Notes (p. 4)
- Configuration and Event Backup Guidelines (p. 5)
- Audit Logging During the Update (p. 5)
- Version Requirements for Updating to Version 5.3.1 (p. 5)
- Time and Disk Space Requirements for Updating to Version 5.3.1 (p. 5)
- Product Compatibility After Updating to Version 5.3.1 (p. 6)
- Returning to a Previous Version (p. 7)
- Installing the Update (p. 7)
- Updating Defense Centers (p. 9)
- Using the Shell to Perform the Update (p. 11)
- Resolved Issues (p. 11)
- Known Issues (p. 12)
- For Assistance (p. 16)
Size: 300 KB. Pages: 18. Language: English.
Troubleshooting Guide
Table of contents:
- Contents (p. 1)
- Introduction (p. 1)
- Components Used (p. 1)
- Overview (p. 1)
- The User-IP Mapping Method (p. 1)
- The Inline Tagging Method (p. 3)
- Troubleshooting (p. 3)
- From the Restricted Shell of a Firepower Device (p. 3)
- From the Expert Mode of a Firepower Device (p. 4)
- From the Firepower Management Center (p. 5)
Size: 90 KB. Pages: 5. Language: English.
Release Notes
Table of contents:
- Supported Platforms and Compatibility (p. 1)
- Supported Platforms (p. 1)
- Management Platform-Managed Device Compatibility (p. 3)
- New Features and Functionality (p. 7)
- New Features (p. 7)
- Updated Terminology (p. 7)
- Updated Documentation (p. 8)
- Features and Changed Functionality Introduced in Previous Versions (p. 8)
- Version 6.0.1 (p. 8)
- Fully Integrated, Threat-Focused Next-Generation Firewall (p. 8)
- Firepower Threat Defense (p. 8)
- Firepower 4100 Series (p. 9)
- Firepower 9300 Series (p. 9)
- Version 6.0 (p. 9)
- Expanded Threat Protection (p. 9)
- Enhanced Network Visibility and Control (p. 9)
- Improved Threat Defense Against Advanced Persistent Threats (p. 10)
- Expanded Management Functionality (p. 11)
- Before You Begin: Important Update and Compatibility Notes (p. 12)
- Configuration and Event Backup Guidelines (p. 12)
- Traffic Flow and Inspection During the Update (p. 12)
- Audit Logging During the Update (p. 13)
- Time and Disk Space Requirements for Updating to Version 6.0.1.1 (p. 14)
- Firepower Version Requirements for Updating to Version 6.0.1.1 (p. 15)
- Web Browser and Screen Resolution Compatibility in Version 6.0.1.1 (p. 16)
- Integrated Product Compatibility in Version 6.0.1.1 (p. 17)
- Installing the Update (p. 17)
- Updating Firepower Management Centers (p. 19)
- Updating Managed Devices and Cisco ASA with FirePOWER Services (p. 20)
- Updating Firepower Threat Defense Devices (p. 22)
- Uninstalling the Update (p. 24)
- Planning the Uninstallation (p. 24)
- Uninstalling the Update from a Managed Device (p. 25)
- Uninstalling the Update from a Virtual Managed Device (p. 26)
- Uninstalling the Update from a Cisco ASA with FirePOWER Services (p. 27)
- Uninstalling the Update from a Firepower Management Center (p. 27)
- Uninstalling the Update from a Cisco ASA with FirePOWER Services Managed by ASDM (p. 28)
- Resolved Issues (p. 29)
- Known Issues (p. 39)
- For Assistance (p. 50)
Size: 2 MB. Pages: 52. Language: English.