Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 51      Configuring Appliance Settings 
  Enabling Cloud Communications
Supported Defense Centers: Any except DC500
The FireSIGHT System contacts the Collective Security Intelligence Cloud to obtain various types of 
information:
  • If your organization has a FireAMP subscription, you can receive endpoint-based malware events;
    see
  • File policies associated with access control rules allow managed devices to detect files transmitted
    in network traffic. The Defense Center uses data from the Cisco cloud to determine if the files
    represent malware; see
  • When you enable URL filtering, the Defense Center can retrieve category and reputation data for
    many commonly visited URLs, as well as perform lookups for uncategorized URLs. You can then
    quickly create URL conditions for access control rules; see .
Use the Defense Center’s local configuration to specify the following options:
Enable URL Filtering
You must enable this option to perform category and reputation-based URL filtering.
Query Cloud for Unknown URL
Allows the system to query the cloud when someone on your monitored network attempts to browse 
to a URL that is not in the local data set.
If the cloud does not know the category or reputation of a URL, or if the Defense Center cannot 
contact the cloud, the URL does not match access control rules with category or reputation-based 
URL conditions. You cannot assign categories or reputations to URLs manually.
Disable this option if you do not want your uncategorized URLs to be cataloged by the Cisco cloud, 
for example, for privacy reasons.
Enable Automatic Updates
Allows the system to contact the cloud on a regular basis to obtain updates to the URL data in your 
appliances’ local data sets. Although the cloud typically updates its data once per day, enabling 
automatic updates forces the Defense Center to check every 30 minutes to make sure that you always 
have up-to-date information. 
Although daily updates tend to be small, if it has been more than five days since your last update, 
new URL filtering data may take up to 20 minutes to download, depending on your bandwidth. Then, 
it may take up to 30 minutes to perform the update itself.
If you want to have strict control of when the system contacts the cloud, you can disable automatic 
updates and use the scheduler instead, as described in 
Note
Cisco recommends that you either enable automatic updates or use the scheduler to schedule 
updates. Although you can manually perform on-demand updates, allowing the system to 
automatically contact the cloud on a regular basis provides you with the most up-to-date, 
relevant URL data.
Share URI Information of malware events with Cisco
Optionally, Defense Centers can send information about the files detected in network traffic to the 
cloud. This information includes URI information associated with detected files and their SHA-256 
hash values. Although sharing is opt-in, transmitting this information to Cisco will help with future 
efforts to identify and track malware.
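
The lookup behavior described under Query Cloud for Unknown URL, as an added example that is not from the guide and is not Cisco code. It is a simplified model covering category conditions only; the hostnames, category names, rule names and function names are all constructed for illustration.

```python
# Simplified model, not Cisco code: all names and data here are constructed.
from typing import Callable, NamedTuple, Optional

LOCAL_DATA_SET = {"news.example": "News"}        # constructed local URL data
CLOUD_DATA = {"files.example": "Malware Sites"}  # constructed cloud URL data


class CloudUnreachable(Exception):
    """The Defense Center cannot contact the cloud."""


def cloud_lookup(host: str) -> Optional[str]:
    """Stand-in cloud query; None means the cloud does not know the URL."""
    return CLOUD_DATA.get(host)


def cloud_down(host: str) -> Optional[str]:
    """Stand-in for a cloud query made while the cloud is unreachable."""
    raise CloudUnreachable(host)


class Rule(NamedTuple):
    name: str
    category: str  # the rule's URL category condition


RULES = [Rule("block-malware", "Malware Sites"), Rule("allow-news", "News")]


def categorize(host: str, query_cloud: bool,
               lookup: Callable[[str], Optional[str]] = cloud_lookup) -> Optional[str]:
    """Return the URL's category, or None if it stays uncategorized."""
    if host in LOCAL_DATA_SET:
        return LOCAL_DATA_SET[host]
    if not query_cloud:          # "Query Cloud for Unknown URL" is disabled
        return None
    try:
        return lookup(host)
    except CloudUnreachable:
        return None


def first_match(host, rules, query_cloud, lookup=cloud_lookup) -> Optional[str]:
    """Name of the first rule whose category condition matches, else None."""
    category = categorize(host, query_cloud, lookup)
    if category is None:         # uncategorized URLs match no category condition
        return None
    return next((r.name for r in rules if r.category == category), None)
```

A None result means that no category-based rule applied to the request, including a blocking rule that would have matched had the URL been categorized. What handles the request next is decided by the rest of the access control policy, which this page does not cover.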