Cisco Firepower Management Center 4000
Sourcefire 3D System Release Notes, Version 5.3
New and Updated Features and Functionality
Next-Generation Intrusion Prevention (NGIPS) Features
Host and Event Correlation IOC Style (Indications of Compromise)
License: FireSIGHT + Protection or FireAMP subscription
Supported Devices: Feature dependent
Supported Defense Centers: Feature dependent
Host and event correlation introduces the ability to pinpoint the hosts on your 
network that may have been compromised by an attack. It aggregates data from 
intrusion events, connection events, Security Intelligence events, and FireAMP 
events to help you quickly diagnose and contain security breaches on your network.
This feature introduces Sourcefire-provided Indications of Compromise (IOC) 
rules that let you control whether the system generates IOC events for 
particular types of compromise and correlates those events with the host 
involved. When it generates an IOC event, the system sets an IOC tag on the 
host affected by that event. Hosts with the most IOC events from distinct 
detection sources (for example, an intrusion event, a Security Intelligence 
event, and a FireAMP event all pointing at the same host) are the ones most 
likely to be compromised, so rank by source diversity rather than by raw event 
volume alone. Once you have resolved the breach, the IOC tags are removed. IOC 
events and host tags are viewable in the host profile, network map, Context 
Explorer, dashboard, and event viewers.
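The correlation described above, as an added toy model (not Sourcefire or Cisco code): IOC rules gate whether an event produces an IOC tag, tags accumulate per host as (detection source, IOC category) pairs, and hosts are ranked by the number of distinct sources before event volume. The rule names, source names, and the event records are constructed for illustration and are not the product's own identifiers.

```python
"""Toy model of host/event IOC correlation (added example, not product code)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Illustrative IOC rule table (assumed names, not real rule identifiers).
# A disabled rule means no IOC event is generated for that category.
DEFAULT_IOC_RULES = {
    "exploit-kit": True,        # fed by intrusion events
    "cnc-connected": True,      # fed by connection / Security Intelligence events
    "malware-detected": True,   # fed by FireAMP events
    "malware-executed": False,  # disabled here to show the gating effect
}

# Constructed sample events, reduced to the fields the correlation needs:
# affected host, detection source that produced the event, IOC category.
SAMPLE_EVENTS = [
    {"host": "10.0.1.20", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.20", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.20", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.20", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.20", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.31", "source": "intrusion", "ioc": "exploit-kit"},
    {"host": "10.0.1.31", "source": "security_intelligence", "ioc": "cnc-connected"},
    {"host": "10.0.1.31", "source": "fireamp", "ioc": "malware-detected"},
    {"host": "10.0.1.45", "source": "connection", "ioc": "cnc-connected"},
    {"host": "10.0.1.45", "source": "fireamp", "ioc": "malware-executed"},  # rule off
]


@dataclass
class HostIOCState:
    tags: set = field(default_factory=set)  # (source, ioc) pairs set on the host
    event_count: int = 0                     # total IOC events generated for it


def correlate(events, rules=DEFAULT_IOC_RULES):
    """Generate IOC events for enabled rules and tag the affected hosts."""
    hosts = defaultdict(HostIOCState)
    for ev in events:
        if not rules.get(ev["ioc"], False):
            continue  # rule disabled: no IOC event, so no tag on the host
        state = hosts[ev["host"]]
        state.tags.add((ev["source"], ev["ioc"]))
        state.event_count += 1
    return dict(hosts)


def rank_hosts(hosts):
    """Order hosts by distinct detection sources, then by event volume.

    Counting sources first is what separates one noisy IDS signature firing
    repeatedly from a host that intrusion, Security Intelligence and FireAMP
    all independently flag.
    """
    def key(item):
        host, state = item
        sources = {src for src, _ in state.tags}
        return (-len(sources), -state.event_count, host)
    return [host for host, _ in sorted(hosts.items(), key=key)]


def resolve_host(hosts, host):
    """Clear a host's IOC tags once the breach has been remediated."""
    hosts.pop(host, None)
    return hosts


if __name__ == "__main__":
    tagged = correlate(SAMPLE_EVENTS)
    for h in rank_hosts(tagged):
        print(h, sorted(tagged[h].tags), tagged[h].event_count)
```

With the constructed data, 10.0.1.20 has the most events (five, all from one intrusion signature) but 10.0.1.31 ranks first because three different sources tagged it; 10.0.1.45 receives only one tag because its FireAMP event maps to a disabled rule.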
Enhanced Security Intelligence Event Storage and Views
License: Protection
Supported Devices: Series 3, Virtual, X-Series
Supported Defense Centers: Any except DC500
If your system is configured to blacklist traffic, or to monitor blacklisted traffic, 
based on Security Intelligence data, you can now view Security Intelligence events 
in dashboards and in the Context Explorer. Security Intelligence events, although 
similar to connection events, are stored and pruned separately and have their own 
event view, workflows, and Custom Analysis dashboard widget presets.
Simplified Intrusion Policy Variable Management
License: Protection
Supported Devices: Any
Supported Defense Centers: Any
The addition of variable sets streamlines and centralizes variable management in 
the object manager. You create custom variable sets and customize the default 
variable set to suit your network environment. The default variable set functions 
as a master key, containing both Sourcefire-provided default variables and 
user-created custom variables, and can be used to populate custom variable sets. 
Customizing a variable in the default set propagates the change to all other 
variable sets that contain that variable.
The update from Version 5.2 to Version 5.3 automatically transitions existing 
variables into variable sets. Existing system-level variables become custom