Cisco Cisco Firepower Management Center 4000

One or more 

s that you suspect are involved in a possible violation of your 

The system provides incident-handling features that you can use to collect and process information that 
is relevant to your investigation of the incident.

Configured in the 

, a feature where the FireSIGHT System data correlator and 

 endpoint data analysis correlate events that may indicate a security compromise with hosts on 

your monitored network. Potentially compromised hosts are marked with tags to indicate their status, 
visible in the 

 and in relevant event views. Abbreviated as IOC.

A deployment of the FireSIGHT System where your managed 

s are placed inline on a network. In 

this configuration, devices can affect network traffic flow using switching, routing, 

.

A 

 configured to handle traffic in an 

. You must add inline interfaces 

to 

s in pairs.

One or more pairs of 

s.

An 

 that allows your users to click a button on an 

 to 

continue to an initially blocked web site.

An authentication method that stores user credentials in a local database on the 

. When a user 

logs into the appliance, the user name and password are checked against the information in the database. 
Compare with 

A security breach, attack, or exploit that occurs on your network.

The monitoring of your network traffic for 

 violations, and, in 

s, the 

ability to block or alter malicious traffic. In the FireSIGHT System, you perform intrusion detection and 
prevention when you associate an intrusion policy with an access control rule or default action.

An 

 violation. Intrusion event data includes the date, time, and the 

type of exploit, as well as other contextual information about the attack and its target.