Cisco Cisco Firepower Management Center 4000
Glossary
GL-33
FireSIGHT System User Guide
Normalizing application layer protocol encoding allows the system to effectively apply the same
content-related intrusion rules to packets whose data is represented differently and obtain meaningful
results. Preprocessors generate
s whenever packets trigger preprocessor options that
you configure.
preprocessor event
A type of
that is generated when a packet triggers specified
options.
Preprocessor events can help you detect anomalous protocol exploits.
preprocessor rule
associated with a
or with the portscan flow detector. You must enable
preprocessor rules if you want them to generate
s. Preprocessor rules have a preprocessor-specific
(generator ID).
private search
A named set of search criteria for a specific table, tied to your user account. Only you and users with
Administrator access can use your private searches.
protected network
Your organization’s internal network that is protected from users of other networks by a device such as
a firewall. Many of the
s delivered with the FireSIGHT System use
s to define the
protected network and the unprotected (or outside) network.
Protection license
A license for
devices,
s, and Sourcefire Software for X-Series that allows you to
perform
, and
filtering. Without a
devices automatically have Protection capabilities, with the exception of Security
Intelligence.
RADIUS authentication
Remote Authentication Dial In User Service, a service used to authenticate, authorize, and account for
user access to network resources. You can create an external
to allow FireSIGHT
System users to authenticate through a RADIUS server.
rate filtering
A form of anomaly detection that sets a new
state for a rule based on the rate of matching
traffic.
remediation
An action that mitigates potential attacks on your system. You can configure remediations and, within a
, associate them with
s and
s so that when they
trigger, the
launches the remediation. This can not only automatically mitigate attacks
when you are not immediately available to address them, but can also ensure that your system remains
compliant with your organization’s
. The Defense Center ships with predefined
s, and you also can use a flexible API to create custom remediations.