Cisco Firepower Management Center 4000
Glossary
FireSIGHT System User Guide
malware blocking
A component of Cisco’s network-based
(AMP) solution. After
yields a malware
, you can either block the file or allow its upload or download. Compare this functionality with
, Cisco’s endpoint-based AMP tool that requires a
malware cloud lookup
A process by which the
communicates with the
to determine the
of a file detected in network traffic, based on the file’s
malware detection
A component of Cisco’s network-based
(AMP) solution. File policies
applied to managed
s as part of your overall
configuration inspect network traffic.
The Defense Center then performs
s for specific detected
s, and generates
events that alert you to the files’
follows and either blocks
, Cisco’s
endpoint-based AMP tool that requires a
malware disposition
A determination by the
as to whether a file contains malware,
based on the file’s
or
malware disposition cache
A cache on the Defense Center that stores
s and
s for files. To improve
performance, if the system already knows the disposition or threat score for a file based on its
, the Defense Center uses the cached information rather than performing a
. Information in the cache times out after a certain period of time so that cache data does not
become stale.
malware event
generated by one of Cisco’s
solutions. Network-based malware
events are generated when the
returns a
a file detected in network traffic;
s are generated when that disposition
-based malware events, which are generated when a deployed
detects a threat, blocks malware execution, or quarantines or fails to quarantine malware.
Malware license
A license that allows you to perform
(AMP) in network traffic. Using a
, you can configure the system to perform
s detected
by managed
s. Compare with
malware protection
See