Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 51 Configuring Appliance Settings
Enabling Cloud Communications
Supported Defense Centers:
Any except DC500
The FireSIGHT System contacts the Collective Security Intelligence Cloud to obtain various types of
information:
• File policies associated with access control rules allow managed devices to detect files transmitted
in network traffic. The Defense Center uses data from the Cisco cloud to determine if the files
represent malware; see
• When you enable URL filtering, the Defense Center can retrieve category and reputation data for
many commonly visited URLs, as well as perform lookups for uncategorized URLs. You can then
quickly create URL conditions for access control rules; see
.
Use the Defense Center’s local configuration to specify the following options:
Enable URL Filtering
You must enable this option to perform category and reputation-based URL filtering.
Query Cloud for Unknown URL
Allows the system to query the cloud when someone on your monitored network attempts to browse
to a URL that is not in the local data set.
If the cloud does not know the category or reputation of a URL, or if the Defense Center cannot
contact the cloud, the URL does not match access control rules with category or reputation-based
URL conditions. You cannot assign categories or reputations to URLs manually.
Disable this option if you do not want your uncategorized URLs to be cataloged by the Cisco cloud,
for example, for privacy reasons.
Enable Automatic Updates
Allows the system to contact the cloud on a regular basis to obtain updates to the URL data in your
appliances’ local data sets. Although the cloud typically updates its data once per day, enabling
automatic updates forces the Defense Center to check every 30 minutes to make sure that you always
have up-to-date information.
Although daily updates tend to be small, if it has been more than five days since your last update,
new URL filtering data may take up to 20 minutes to download, depending on your bandwidth. Then,
it may take up to 30 minutes to perform the update itself.
If you want to have strict control of when the system contacts the cloud, you can disable automatic
updates and use the scheduler instead, as described in
Note
Cisco recommends that you either enable automatic updates or use the scheduler to schedule
updates. Although you can manually perform on-demand updates, allowing the system to
automatically contact the cloud on a regular basis provides you with the most up-to-date,
relevant URL data.
Share URI Information of malware events with Cisco
Optionally, Defense Centers can send information about the files detected in network traffic to the
cloud. This information includes URI information associated with detected files and their SHA-256
hash values. Although sharing is opt-in, transmitting this information to Cisco will help with future
efforts to identify and track malware.
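The matching behavior described under Query Cloud for Unknown URL can be checked against a simplified model. The following Python is an added example, not Cisco code: the rule fields, the default action parameter, the reputation score and all URLs are constructed assumptions.

```python
# Simplified model of first-match rule evaluation (illustrative; the rule
# fields and sample data are assumptions, not the FireSIGHT rule schema).
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str
    category: Optional[str] = None        # None: rule has no category condition
    max_reputation: Optional[int] = None  # match if URL score <= this value

# Constructed local data set: URL -> (category, score; lower = riskier)
LOCAL_DATA = {"casino.example": ("Gambling", 2), "news.example": ("News", 5)}
# Constructed cloud data for URLs that are not in the local data set
CLOUD_DATA = {"newbets.example": ("Gambling", 1)}

def lookup(url, query_cloud, cloud_reachable=True):
    """Return (category, score), or None when the URL stays uncategorized."""
    if url in LOCAL_DATA:
        return LOCAL_DATA[url]
    if query_cloud and cloud_reachable:
        return CLOUD_DATA.get(url)  # None if the cloud does not know the URL
    return None

def evaluate(url, rules, default_action, query_cloud, cloud_reachable=True):
    """Return (rule name, action) of the first matching rule, else the default."""
    info = lookup(url, query_cloud, cloud_reachable)
    for rule in rules:
        if rule.category is not None or rule.max_reputation is not None:
            if info is None:
                continue  # uncategorized: cannot match category/reputation rules
            category, reputation = info
            if rule.category is not None and category != rule.category:
                continue
            if rule.max_reputation is not None and reputation > rule.max_reputation:
                continue
        return rule.name, rule.action
    return "default", default_action

RULES = [Rule("block-gambling", "block", category="Gambling"),
         Rule("block-high-risk", "block", max_reputation=2)]

if __name__ == "__main__":
    for cloud in (True, False):
        print(cloud, evaluate("newbets.example", RULES, "allow", query_cloud=cloud))
```

In this model, a URL that stays uncategorized skips both block rules and is handled by whatever comes after them, so the later rules and the default action decide its fate when cloud queries are disabled or the cloud is unreachable.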