Cisco Cisco Firepower Management Center 4000 Manual

Page of 1844
 
55-3
FireSIGHT System User Guide
 
Chapter 55      Using Health Monitoring
  Understanding Health Monitoring
a health policy to that device. For more information on the Cisco-provided default health policy for your 
appliances, se
. For more information on creating 
customized health policies, see 
. For details on applying policies, see 
For more information on health policies and the health modules you can run to test system health, see 
the following topics:
  •
  •
  •
Understanding Health Policies
License: 
Any
health policy is a collection of health module settings you apply to an appliance to define the criteria 
that the Defense Center uses when checking the health of the appliance. The health monitor tracks a 
variety of health indicators to ensure that your FireSIGHT System hardware and software are working 
correctly. 
When you create health policies, you choose which tests to run to determine appliance health. You can 
also apply the default health policy to any appliance.
Understanding Health Modules
License: 
Any
Health modules, also sometimes referred to as health tests, are scripts that test for the criteria you specify 
in a health policy. The available health modules are described in the following table. 
Table 55-1
Health Modules 
Module
Description
Advanced Malware 
Protection
This module alerts if the Defense Center cannot contact the Collective Security Intelligence 
Cloud, either to retrieve file disposition information for files detected in network traffic or to 
submit files for dynamic analysis, or if an excessive number of files are detected in network 
traffic, based on the file policy configuration. 
This module runs on all Defense Centers except the DC500, which does not support advanced 
malware protection.
Appliance Heartbeat
This module determines if an appliance heartbeat is being heard from the appliance and alerts 
based on the appliance heartbeat status.
Automatic Application 
Bypass Status
This module determines if an appliance has been bypassed because it did not respond within the 
number of seconds set in the bypass threshold, and alerts when a bypass occurs. 
CPU Usage
This module checks that the CPU on the appliance is not overloaded and alerts when CPU usage 
exceeds the percentages configured for the module.
This module is not available for health policies applied to 3D9900 devices.
Card Reset
This module checks for network cards which have restarted due to hardware failure and alerts 
when a reset occurs. 
downloadlike
ArtboardArtboardArtboard
Report Bug