Cisco Cisco Firepower Management Center 4000

.

Adobe Reader Compromise — Adobe Reader launched shell

Adobe Reader Compromise — PDF Compromise Detected by FireAMP

CnC Connected — Suspected Botnet Detected by FireAMP

Dropper Infection — Dropper Infection Detected by FireAMP

Excel Compromise — Excel Compromise Detected by FireAMP

Excel Compromise — Excel launched shell

Java Compromise — Java Compromise Detected by FireAMP

Java Compromise — Java launched shell

Malware Detected — Threat Detected by FireAMP - Not Executed

Malware Detected — Threat Detected in File Transfer

Malware Executed — Threat Detected by FireAMP - Executed

PowerPoint Compromise — PowerPoint Compromise Detected by FireAMP

PowerPoint Compromise — PowerPoint launched shell

QuickTime Compromise — QuickTime Compromise Detected by FireAMP

QuickTime Compromise — QuickTime launched shell

Word Compromise — Word Compromise Detected by FireAMP

Word Compromise — Word launched shell

FireSIGHT+Protection

The following IOC types are associated with intrusion events, which require a Protection license. For 
more information on viewing intrusion events and configuring intrusion detection and protection, see 

 and 

.

CnC Connected — Intrusion Event - malware-backdoor

CnC Connected — Intrusion Event - malware-cnc

Exploit Kit — Intrusion Event - exploit-kit

Impact 1 Attack — Impact 1 Intrusion Event - attempted-admin

Impact 1 Attack — Impact 1 Intrusion Event - attempted-user

Impact 1 Attack — Impact 1 Intrusion Event - successful-admin

Impact 1 Attack — Impact 1 Intrusion Event - successful-user

Impact 1 Attack — Impact 1 Intrusion Event - web-application-attack

Impact 2 Attack — Impact 2 Intrusion Event - attempted-admin

Impact 2 Attack — Impact 2 Intrusion Event - attempted-user

Impact 2 Attack — Impact 2 Intrusion Event - successful-admin

Impact 2 Attack — Impact 2 Intrusion Event - successful-user

Impact 2 Attack — Impact 2 Intrusion Event - web-application-attack