Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 1: Introduction
eStreamer integration requires custom programming, but allows you to request specific data from an 
appliance. If, for example, you display network host data within one of your network management 
applications, you could write a program to retrieve host criticality or vulnerability data from the Defense 
Center and add that information to your display.
External Database Access
The database access feature allows you to query several database tables on a Defense Center, using a 
third-party client that supports JDBC SSL connections.
You can use an industry-standard reporting tool such as Crystal Reports, Actuate BIRT, or JasperSoft 
iReport to design and submit queries. Or, you can configure your own custom application to query Cisco 
data. For example, you could build a servlet to report intrusion and discovery event data periodically or 
refresh an alert dashboard.
Host Input
The host input feature allows you to augment the information in the network map by importing data from 
third-party sources using scripts or command-line files. 
The web interface also provides some host input functionality; you can modify operating system or 
application protocol identities, validate or invalidate vulnerabilities, and delete various items from the 
network map, including clients and server ports.
Remediation
The system includes an API that allows you to create remediations that your Defense Center can 
automatically launch when conditions on your network violate an associated correlation policy or 
compliance white list. This can not only automatically mitigate attacks when you are not immediately 
available to address them, but can also ensure that your system remains compliant with your 
organization’s security policy. In addition to remediations that you create, the Defense Center ships with 
several predefined remediation modules.
Documentation Resources
The FireSIGHT System documentation set includes online help and PDF files. You can reach the online 
help from the web interface in the following ways:
  • by clicking the context-sensitive help link on each page
  • by selecting Help > Online
The online help includes information about the tasks you can complete using a Defense Center or 
device’s web interface, including system management, policy management, and event analysis.
You can access the most up-to-date versions of the PDF documentation on either of the following 
Support Sites:
  • Sourcefire:
  • Cisco:
This documentation includes:
  • the FireSIGHT System User Guide, which includes the same content as the online help, but in an easy-to-print format
  • the FireSIGHT System Installation Guide, which includes information about installing Cisco appliances as well as hardware specifications and safety information