Cisco Firepower Management Center 4000
47-6
FireSIGHT System User Guide
Chapter 47 Understanding and Using Workflows
Components of a Workflow
Note that because neither the DC500 Series 2 Defense Center nor Series 2 devices support
network-based advanced malware protection, the DC500 Defense Center does not display data for this
feature and Series 2 devices do not detect this data.
Predefined File Workflows
License: Protection
The following table describes the predefined file event workflows included on the Defense Center. All
the predefined file event workflows use the table view of file events. For information on accessing file
events, see
Predefined Captured File Workflows
License: Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The following table describes the predefined captured file workflows included on the Defense Center.
All predefined captured file workflows use the table view of captured files.
Note that because neither the DC500 Series 2 Defense Center nor Series 2 devices support
network-based advanced malware protection, the DC500 Defense Center does not display data for this
feature and Series 2 devices do not detect this data.
Table 47-2 Predefined Malware Workflows

| Workflow Name | Description |
| --- | --- |
| Malware Summary | This workflow provides a list of the malware detected in network traffic or by endpoint-based FireAMP Connectors, grouped by individual threat. |
| Malware Event Summary | This workflow provides a quick breakdown of the different malware event types and subtypes. |
| Hosts Receiving Malware | This workflow provides a list of host IP addresses that have received malware, grouped by the malware files’ associated dispositions. |
| Hosts Sending Malware | This workflow provides a list of host IP addresses that have sent malware, grouped by the malware files’ associated dispositions. |
| Applications Introducing Malware | This workflow provides a list of host IP addresses that have received files, grouped by the associated malware dispositions for those files. |
Table 47-3 Predefined File Workflows

| Workflow Name | Description |
| --- | --- |
| File Summary | This workflow provides a quick breakdown of the different file event categories and types, along with any associated malware dispositions. |
| Hosts Receiving Files | This workflow provides a list of host IP addresses that have received files, grouped by the associated malware dispositions for those files. |
| Hosts Sending Files | This workflow provides a list of host IP addresses that have sent files, grouped by the associated malware dispositions for those files. |