Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 25
Using Application Layer Preprocessors
Application-layer protocols can represent the same data in a variety of ways. Cisco provides 
application-layer protocol decoders that normalize specific types of packet data into formats that the 
rules engine can analyze. Normalizing application-layer protocol encodings allows the rules engine to 
effectively apply the same content-related rules to packets whose data is represented differently and 
obtain meaningful results.
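The effect described above, shown as an added sketch that is not Cisco code and does not reproduce any preprocessor's actual logic: one content rule is checked against several representations of the same HTTP path, first raw and then after a simplified normalization. The rule string, sample URIs and function names are all constructed for illustration.

```python
from urllib.parse import unquote

# Constructed content rule: the literal string a rule author wants to match.
RULE_CONTENT = "/cgi-bin/status.cgi"

# Constructed sample URIs: the first five name the same resource.
SAMPLES = [
    "/cgi-bin/status.cgi",         # canonical form
    "/cgi-bin/%73tatus.cgi",       # percent-encoded 's'
    "/cgi-bin/./status.cgi",       # self-referencing directory
    "/cgi-bin//status.cgi",        # duplicate slash
    "/cgi-bin/tmp/../status.cgi",  # directory traversal back to the same path
    "/index.html",                 # unrelated request
]


def normalize_uri(raw: str) -> str:
    """Simplified normalization: decode percent-escapes once, then
    collapse empty, '.' and '..' path segments."""
    # Decode a single time only; a second pass would change the meaning
    # of data that is legitimately double-encoded.
    path = unquote(raw)
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def rule_matches(data: str) -> bool:
    """Plain content match, as a content-related rule would perform."""
    return RULE_CONTENT in data


def evaluate(samples):
    """Return (uri, match on raw data, match on normalized data) per sample."""
    return [(s, rule_matches(s), rule_matches(normalize_uri(s))) for s in samples]


if __name__ == "__main__":
    for uri, raw_hit, norm_hit in evaluate(SAMPLES):
        print(f"{uri:30} raw={raw_hit!s:5} normalized={norm_hit}")
```

Against the raw data the rule matches only the canonical form; after normalization it matches all five equivalent requests and still ignores the unrelated one.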
Note that preprocessors do not generate events in most cases unless you enable the accompanying 
preprocessor rules. See 
 for more information.
See the following sections for more information:
  • describes the DCE/RPC preprocessor and explains how to configure it to prevent evasion attempts and detect anomalies in DCE/RPC traffic.
  • describes the DNS preprocessor and explains how to configure it to detect any of three specific exploits in DNS name server responses.
  • describes the FTP/Telnet decoder and explains how to configure it to normalize and decode FTP and Telnet traffic.
  • describes the HTTP decoder and explains how to configure it to normalize HTTP traffic.
  • describes the RPC decoder and explains how to configure it to normalize RPC traffic.
  • explains how you can use the SIP preprocessor to decode and detect anomalies in SIP traffic.
  • explains how you can use the GTP preprocessor to provide the rules engine with GTP command channel messages extracted by the packet decoder.
  • explains how you can use the IMAP preprocessor to decode and detect anomalies in IMAP traffic.
  • explains how you can use the POP preprocessor to decode and detect anomalies in POP traffic.
  • describes the SMTP decoder and explains how to configure it to decode and normalize SMTP traffic.
  • explains how to identify and process exploits in SSH-encrypted traffic.