Cisco Firepower Management Center 4000
Glossary
FireSIGHT System User Guide
access-controlled user
A user whose network use you can control using
. You specify the LDAP groups that
access-controlled users must belong to when you configure a connection between a Microsoft Active
Directory server and the
. When the
reports logins by access-controlled users,
those users are associated with IP addresses, which in turn allows
access list
A list of IP addresses, configured in the
s that can access an
. By default, anyone can access the web interface of an appliance using port 443 (HTTPS), as
well as the command line using port 22 (SSH). You can also add SNMP access using port 161.
active detection
The discovery of
, and user information using active sources. Active sources include
scanners such as
, user input to the system’s web interface, or
to the
using
the command line or third-party application API calls. Compare with
adaptive profile
An
profile that uses
to determine the operating system for the target
of a packet. Profiles within an intrusion policy then automatically adapt to cause
defragment IP packets and reassemble streams in the same way as the operating system on the target
host, and to cause
to analyze the data in the same format as that used by the destination host.
advanced malware protection
Abbreviated AMP, the FireSIGHT System’s network-based
and
feature. Compare this functionality with
, Cisco’s endpoint-based AMP tool that requires a
.
advanced setting
A
or other
feature that requires specific expertise to configure. Advanced
settings typically require little or no modification and are not common to every deployment.
alert
A notification that the system has generated a specific
. You can alert based on
s
(including their
s),
s, network-based
s,
violations, health status changes, and
s logged by specific
s. In most cases,
you can alert via email, syslog, or SNMP trap.
alert response
A set of configurations that allows the system to send an
via email, syslog, or SNMP trap. You can
use a single alert response to alert you to multiple types of
s.
appliance
A
or managed
. An appliance can be physical or software-based (virtual or
Sourcefire Software for X-Series).