Cisco Cisco Firepower Management Center 4000
Glossary
GL-16
FireSIGHT System User Guide
connection log
See
.
connection summary
Connection data aggregated over a five-minute interval. The system uses connection summaries to build
s and
s. To be aggregated, multiple
s must represent the end of
connections, have the same source and destination IP addresses, and use the same port on the responder
(destination)
(destination)
. They must use the same protocol (TCP or UDP) and
they must either be detected by the same Cisco managed
, or be exported by the same
-enabled device.
connection tracker
One or more conditions that constrain a
so that after the rule’s initial criteria are met, the
system begins tracking certain
s. The rule then triggers only if the tracked connections meet
additional criteria.
Context Explorer
A page that displays detailed, interactive graphical information about your monitored network, using
, file,
, malware, and
. Distinct sections present
information in the form of vivid line, bar, pie, and donut graphs, accompanied by detailed lists. You can
easily create and apply custom filters to fine-tune your analysis, and you can examine data sections in
more detail by clicking or hovering your cursor over graph areas. Compared with a
easily create and apply custom filters to fine-tune your analysis, and you can examine data sections in
more detail by clicking or hovering your cursor over graph areas. Compared with a
, which is
highly customizable, compartmentalized, and updates in real time, the Context Explorer is manually
updated, designed to provide broader context for its data, and has a single, consistent layout designed
for active user exploration.
updated, designed to provide broader context for its data, and has a single, consistent layout designed
for active user exploration.
context menu
A pop-up menu, available on many of the pages in the web interface, that you can use as a shortcut for
accessing other features in the FireSIGHT System. The contents of the menu depend on several factors,
including the page you are viewing, the specific data you are investigating, and your
accessing other features in the FireSIGHT System. The contents of the menu depend on several factors,
including the page you are viewing, the specific data you are investigating, and your
. Context
menu options include links to
, and host information; various intrusion rule settings,
quick links to the
; options to add a host to the
or
by its IP address; and options to add a file to the
by its
Control license
A license that allows you to implement
and
by adding user and
conditions to
s. It also allows you to configure your managed
s to
perform switching and routing (including DHCP relay and
), as well as
managed devices.
correlation
A feature you can use to build a
that responds in real time to threats on your network.
The
component of correlation provides a flexible API that allows you to create and upload
violations.
correlation event
An
generated by the
when a
triggers. Note that
s,
s, are a special kind of correlation event.