Cisco Cisco Firepower Management Center 4000

The operating system vendor and version details for an operating system on a 

A type of 

 page that provides detailed information about the packet that triggered an 

 or the 

 that generated an 

. The packet view is the final page in 

based on intrusion events.

An 

 that, when triggered, does not generate an 

 and does not log the details 

of the packet that triggered the rule. Pass rules allow you to prevent packets that meet specific criteria 
from generating an event in specific situations, as an alternative to disabling the intrusion rule. Compare 
with 

.

The collection of 

 through analysis of traffic passively collected by managed 

Compare with 

.

A 

 configured to analyze traffic in a passive deployment.

A designation given to an 

 identity when the system can neither positively nor 

negatively identify the application protocol. Most often, the system needs to collect and analyze more 
data before it can identify a pending application protocol.

An interface that represents a physical port on a 

.

A mechanism for applying settings, most often to an 

, 

, 

, 

, and 

.

An 

 where you 

. A policy may have multiple targets.

A reusable 

 that represents an open port that uses transport layer protocols (for example, TCP, 

UDP, or ICMP).

A feature that normalizes traffic inspected by an 

 and that helps identify network layer 

and transport layer protocol anomalies by identifying inappropriate header options, defragmenting IP 
datagrams, providing TCP stateful inspection and stream reassembly, and validating checksums. 
Preprocessors can also render specific types of packet data in a format that the system can analyze; these 
preprocessors are called data normalization preprocessors, or application layer protocol preprocessors.