Cisco Cisco Firepower Management Center 4000

A policy that describes the network activity that constitutes a 

 violation, using 

s and 

s. You can specify 

s to each rule or white list within a policy.

With 

s, one of the ways you can specify criteria that network traffic must meet in 

order to violate a 

. You can use the 

 to configure correlation rules to 

trigger (and generate a 

) when a specific 

, 

, 

 occurs, or when your network traffic deviates from your 

normal network traffic pattern as characterized in a 

. You can constrain correlation rules 

with 

s. You can also 

configure the Defense Center to launch a response, such as an 

, when a correlation 

rule triggers.

See 

 identity that the system finds most likely to be correct for a particular 

network asset. The system uses this data in many ways; for example, to calculate statistics, assign 

 information, assess impact of an attack, and evaluate 

s.

The user that the system associates with a 

. If the user is an 

, the system can 

perform 

 on traffic to or from that host. If no access-controlled user is associated with the 

host, a 

 can be the current user for the host. However, after an 

access-controlled user logs into the host, only a login by another access-controlled user changes the 
current user.

A list of files as represented by their 

s. When the system detects a file in the list, it 

does not perform a 

, treating the file as malware, even if the 

 for the file 

in the 

 is Clean.

See 

.

A table you can construct that combines fields from two or more of the predefined tables delivered with 
the FireSIGHT System. For example, you could combine the 

 information from the 

s table with information from the 

 data table to examine connection data in a new 

context.

A feature that allows you to meaningfully organize and identify subnets in the 

, and