Cisco Cisco Firepower Management Center 4000

Cisco

Glossary

GL-23

FireSIGHT System User Guide

FireAMP

Cisco’s enterprise-class,

-based, advanced malware analysis and protection solution that

discovers, understands, and blocks malware outbreaks, persistent threats, and targeted attacks. If your
organization has a

FireAMP subscription

, individual users install lightweight

FireAMP Connector

endpoints (computers, mobile devices), which then communicate with the

Collective Security

Intelligence Cloud

. This allows you to quickly identify and quarantine malware, as well as identify

outbreaks when they occur, track their trajectory, understand their effects, and learn how to successfully
recover. You can also use the

to create custom protections, block execution of certain

applications, and create custom whitelists. Compare with network-based

advanced malware protection

FireAMP Connector

A lightweight agent that users in a subscription-based

deployment install on

s, such

as computers and mobile devices. Connectors communicate with the

Collective Security Intelligence

, exchanging information that allow you to quickly identify and quarantine malware throughout

your organization. They can also identify

indications of compromise

on endpoint hosts.

FireAMP portal

The website, http://amp.sourcefire.com/, where you can configure your organization’s
subscription-based

deployment.

FireAMP subscription

A separately purchased subscription that allows your organization to use

as an

malware protection

(AMP) solution. Compare with a

Malware license

, which you enable on managed

s to perform network-based AMP.

FireSIGHT license

The default license on the

, which allows you to perform

discovery. The FireSIGHT license also determines how many individual

s and users you can monitor

with the

and its managed

s, as well as the number of

access-controlled user

s you

can use in

access control rule

s to perform

FireSIGHT Recommendations layer

in an

intrusion policy

that exists when you allow the system to modify

recommended by the

FireSIGHT recommended rules

feature.

FireSIGHT recommended rules

A feature that recommends which rules should be enabled or disabled in your

intrusion policy

, based on

information from your

. You can choose to allow the system to modify

s based on

recommendations, in which case the system adds a read-only

FireSIGHT Recommendations layer

GeoDB

See

geolocation database

.

geolocation

A feature that provides data on the geographical source of routable IP addresses detected in traffic on
your monitored network, including connection type, internet service provider, and so on. You can see
geolocation information, which is stored in the

geolocation database

connection event

s,