Cisco Cisco Firepower Management Center 4000
Glossary
GL-32
FireSIGHT System User Guide
operating system identity
The operating system vendor and version details for an operating system on a
packet view
A type of
page that provides detailed information about the packet that triggered an
or the
that generated an
. The packet view is the final page in
based on intrusion events.
pass rule
An
that, when triggered, does not generate an
and does not log the details
of the packet that triggered the rule. Pass rules allow you to prevent packets that meet specific criteria
from generating an event in specific situations, as an alternative to disabling the intrusion rule. Compare
with
from generating an event in specific situations, as an alternative to disabling the intrusion rule. Compare
with
.
passive detection
The collection of
through analysis of traffic passively collected by managed
Compare with
.
passive interface
A
configured to analyze traffic in a passive deployment.
pending (application protocol)
A designation given to an
identity when the system can neither positively nor
negatively identify the application protocol. Most often, the system needs to collect and analyze more
data before it can identify a pending application protocol.
data before it can identify a pending application protocol.
physical interface
An interface that represents a physical port on a
.
policy
A mechanism for applying settings, most often to an
,
,
,
, and
.
policy target
An
where you
. A policy may have multiple targets.
port object
A reusable
that represents an open port that uses transport layer protocols (for example, TCP,
UDP, or ICMP).
preprocessor
A feature that normalizes traffic inspected by an
and that helps identify network layer
and transport layer protocol anomalies by identifying inappropriate header options, defragmenting IP
datagrams, providing TCP stateful inspection and stream reassembly, and validating checksums.
Preprocessors can also render specific types of packet data in a format that the system can analyze; these
preprocessors are called data normalization preprocessors, or application layer protocol preprocessors.
datagrams, providing TCP stateful inspection and stream reassembly, and validating checksums.
Preprocessors can also render specific types of packet data in a format that the system can analyze; these
preprocessors are called data normalization preprocessors, or application layer protocol preprocessors.