Cisco Firepower Management Center 4000 Release Notes

Version 5.3.0.5
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
File capture is configured as part of a file policy. A SHA-256 hash is calculated for 
each file to identify it uniquely and to reduce duplicates in file storage. Captured 
files are stored on the primary hard drive of the FirePOWER appliance.
You can manually submit captured files for dynamic analysis or download them 
from the FirePOWER appliance through event table views, the network file 
trajectory feature, and the captured files table view.
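The hash-based deduplication described above, as an added example rather than code from the release notes or the appliance: a small content-addressed store that writes each captured file once under its SHA-256 and maps every later capture of identical bytes to the object already on disk, then verifies the digest again on retrieval. The directory layout, the atomic `.part` rename, and the sample payloads are constructed assumptions for the example.

```python
import hashlib
import os
import tempfile

# Constructed sample "captured" files: two byte-identical payloads under
# different names, plus one distinct payload.
SAMPLE_FILES = {
    "invoice.pdf":     b"%PDF-1.4 constructed sample payload\n",
    "invoice(1).pdf":  b"%PDF-1.4 constructed sample payload\n",   # duplicate bytes
    "tool.exe":        b"MZ\x90\x00constructed sample payload\n",
}


def sha256_hex(data):
    """Lowercase hex SHA-256 digest that identifies a captured file."""
    return hashlib.sha256(data).hexdigest()


class CaptureStore:
    """Minimal content-addressed store: one on-disk object per unique SHA-256.

    Assumed layout (not the appliance's real one): <root>/<first 2 hex>/<sha256>
    """

    def __init__(self, root):
        self.root = root
        self.index = {}   # sha256 -> list of original file names seen for it

    def _path(self, digest):
        return os.path.join(self.root, digest[:2], digest)

    def capture(self, name, data):
        """Store data if its digest is new; return (digest, stored_new_object)."""
        digest = sha256_hex(data)
        path = self._path(digest)
        stored_new = False
        if not os.path.exists(path):
            os.makedirs(os.path.dirname(path), exist_ok=True)
            tmp = path + ".part"
            with open(tmp, "wb") as fh:
                fh.write(data)
            # Atomic publish: a half-written object never appears under its digest.
            os.replace(tmp, path)
            stored_new = True
        self.index.setdefault(digest, []).append(name)
        return digest, stored_new

    def retrieve(self, digest):
        """Read an object back and re-check it against the digest it was filed under."""
        with open(self._path(digest), "rb") as fh:
            data = fh.read()
        if sha256_hex(data) != digest:
            raise ValueError("stored object does not match its digest")
        return data

    def unique_count(self):
        return len(self.index)


def demo():
    """Capture the sample files into a temporary store and summarize the result."""
    with tempfile.TemporaryDirectory() as root:
        store = CaptureStore(root)
        outcomes = {}
        for name, data in SAMPLE_FILES.items():
            outcomes[name] = store.capture(name, data)
        verified = all(store.retrieve(digest) == SAMPLE_FILES[name]
                       for name, (digest, _) in outcomes.items())
        return {"outcomes": outcomes,
                "unique": store.unique_count(),
                "verified": verified}


if __name__ == "__main__":
    result = demo()
    for name, (digest, new) in result["outcomes"].items():
        print(f"{name:16} {digest[:16]}... {'stored' if new else 'duplicate'}")
    print("unique objects:", result["unique"], "verified:", result["verified"])
```

Three captures produce two stored objects; the second `invoice` capture is recorded in the index but writes nothing, which is exactly the storage saving the notes describe.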
Dynamic Analysis, Threat Scores, and Summary Reports
License: Malware
Supported Devices: Series 3, Virtual, X-Series
Supported Defense Centers: Any except DC500
Version 5.3 introduced dynamic analysis, a feature that maximizes your ability to 
quickly identify new zero-day malicious behavior on your network through the use 
of cloud-based technology. When configured, you can submit previously unseen 
files with an unknown disposition to the Sourcefire cloud for an in-depth analysis 
of the file’s behavior. Based on that behavior, a threat score is determined and 
communicated back to the Defense Center. The higher the threat score, the more 
likely the file is malicious; you can take action based on threat score levels.
Sourcefire also provided a related dynamic analysis summary report that details 
the analysis and explains why the threat score was assigned to the file. This 
additional information helps you identify malware and fine-tune your detection 
capabilities.
You can configure your system to automatically capture and send files for 
dynamic analysis, or you can submit them for analysis on demand.
Custom Detection
License: Malware
Supported Devices: Series 3, Virtual, X-Series
Supported Defense Centers: Any except DC500
Custom file detection can be used to identify and block any files moving around 
your network, even if Sourcefire has not identified the file as malicious. You do 
not need a cloud connection to perform these lookups, so custom file detection is 
ideal for use with any type of private intelligence data you have. 
If you have identified a malicious file, you can automatically block it by adding its 
unique SHA-256 value to the custom file detection list. You can use the custom 
detection list in combination with the clean list, which lets you mark specific files 
as clean.
Together, the custom file detection list and clean list help you customize your 
malware protection approach to your specific environment. The custom file 
detection list and clean list are included by default in every file policy, and you can 
opt not to use either or both lists on a per-policy basis.
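To show how the custom detection list, the clean list and dynamic analysis fit together in one file policy evaluation (the Dynamic Analysis and Custom Detection passages above), here is an added Python example; it is not code from the release notes or from the Sourcefire product. The in-memory lists, the stand-in cloud lookup, the threat score scale and the block threshold of 75, the ordering (local lists are consulted before any cloud lookup, so they need no cloud connection), and the choice to allow a file whose score is still pending are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample files seen by the policy.
FILES = {
    "known_bad.bin":     b"constructed known-bad payload",
    "approved_tool.exe": b"constructed approved internal tool",
    "never_seen.doc":    b"constructed never-seen document",
    "harmless.txt":      b"constructed harmless text",
}

# Private intelligence maintained locally: no cloud lookup is needed for these.
CUSTOM_DETECTION_LIST = {sha256_hex(FILES["known_bad.bin"])}
CLEAN_LIST = {sha256_hex(FILES["approved_tool.exe"])}

# Constructed stand-ins for the cloud: a disposition cache and the threat scores
# that dynamic analysis has returned so far (score scale is an assumption).
KNOWN_DISPOSITIONS = {sha256_hex(FILES["harmless.txt"]): "clean"}
DYNAMIC_ANALYSIS_SCORES = {sha256_hex(FILES["never_seen.doc"]): 85}


@dataclass
class FilePolicy:
    use_custom_detection_list: bool = True
    use_clean_list: bool = True
    submit_for_dynamic_analysis: bool = True
    block_threshold: int = 75   # assumed: a score at or above this is treated as malware


@dataclass
class Verdict:
    sha256: str
    disposition: str   # custom_detection | clean | malware | unknown
    action: str        # block | allow
    reason: str
    submitted: bool = False


def lookup_cloud_disposition(digest):
    return KNOWN_DISPOSITIONS.get(digest, "unknown")


def submit_for_dynamic_analysis(digest):
    """Return the threat score if analysis has finished, else None (pending)."""
    return DYNAMIC_ANALYSIS_SCORES.get(digest)


def evaluate(data, policy):
    """Decide block/allow for one file under the given policy."""
    digest = sha256_hex(data)
    # Local lists first. Assumption: the custom detection list is checked before the
    # clean list, so a hash present on both fails closed and is treated as a detection.
    if policy.use_custom_detection_list and digest in CUSTOM_DETECTION_LIST:
        return Verdict(digest, "custom_detection", "block", "SHA-256 on custom detection list")
    if policy.use_clean_list and digest in CLEAN_LIST:
        return Verdict(digest, "clean", "allow", "SHA-256 on clean list")
    disposition = lookup_cloud_disposition(digest)
    if disposition != "unknown":
        action = "block" if disposition == "malware" else "allow"
        return Verdict(digest, disposition, action, "cloud disposition")
    if not policy.submit_for_dynamic_analysis:
        return Verdict(digest, "unknown", "allow", "unknown disposition; dynamic analysis disabled")
    score = submit_for_dynamic_analysis(digest)
    if score is None:
        # Assumed policy choice: allow while the score is still pending.
        return Verdict(digest, "unknown", "allow", "submitted; threat score pending", submitted=True)
    if score >= policy.block_threshold:
        return Verdict(digest, "malware", "block",
                       f"threat score {score} >= {policy.block_threshold}", submitted=True)
    return Verdict(digest, "unknown", "allow",
                   f"threat score {score} below {policy.block_threshold}", submitted=True)


if __name__ == "__main__":
    policy = FilePolicy()
    for name, data in FILES.items():
        v = evaluate(data, policy)
        print(f"{name:18} {v.action:5} {v.disposition:16} {v.reason}")
```

Disabling either list on a per-policy basis simply skips that branch: with `use_custom_detection_list=False` the known-bad file falls through to the cloud path, and because nothing is cached for it, it is submitted and reported as pending rather than blocked outright.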