Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 28: Detecting Specific Threats
Detecting Sensitive Data

Step 3
Click Advanced Settings in the navigation panel on the left.
The Advanced Settings page appears.

Step 4
You have two choices, depending on whether Sensitive Data Detection under Specific Threat Detection is enabled:
  • If the configuration is enabled, click Edit.
  • If the configuration is disabled, click Enabled, then click Edit.
The Sensitive Data Detection page appears.
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. See  for more information.

Step 5
Click the data type name under Data Types to select the data type you want to modify.
The Configuration area updates to display the current settings for the selected data type.

Step 6
Click inside the Application Protocols field, or click Edit next to the field.
The Application Protocols pop-up window appears.

Step 7
You have two choices:
  • To add up to eight application protocols to monitor, select one or more application protocols from the Available list on the left, then click the right arrow (>) button.
  • To remove an application protocol, select it from the Enabled list on the right, then click the left arrow (<) button.
Use Ctrl or Shift while clicking to select multiple application protocols. You can also click and drag to select multiple adjacent application protocols.

Note
To detect sensitive data in FTP traffic, you must add the FTP data application protocol and ensure that the FTP/Telnet preprocessor is enabled. See  for more information.

Step 8
Click OK to add the application protocols.
The Sensitive Data Detection page is displayed and the application protocols are updated.

Special Case: Detecting Sensitive Data in FTP Traffic
License: Control

You usually determine which traffic to monitor for sensitive data by specifying the ports to monitor or, optionally, specifying application protocols in deployments. However, specifying ports or application protocols is not sufficient for detecting sensitive data in FTP traffic. Sensitive data in FTP traffic is found in traffic for the FTP application protocol, which occurs intermittently and uses a transient port number, making it difficult to detect. To detect sensitive data in FTP traffic, you must include the following in your configuration:
  • Specify the FTP data application protocol.
    Specifying the FTP data application protocol enables detection of sensitive data in FTP traffic. See  for more information.
  • Ensure that the FTP/Telnet preprocessor is enabled.
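
The transient-port problem described above, shown as an added illustration (not part of the Cisco guide, and not a description of how the FireSIGHT preprocessor is implemented): FTP negotiates each data connection's endpoint on the control channel through PASV, PORT, or EPSV, so a fixed list of monitored ports never covers it. The control lines are constructed samples and the function names are hypothetical.

```python
import re

# Constructed FTP control-channel lines (hypothetical session, not captured traffic).
SAMPLE_CONTROL_LINES = [
    "USER analyst",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PORT 198,51,100,7,4,1",
    "229 Entering Extended Passive Mode (|||50123|)",
    "226 Transfer complete",
]

_PASV = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_PORT = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")


def _host_port(fields):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); port = p1*256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        return None  # malformed octet: ignore rather than guess
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoint(line, server_ip=None):
    """Return the (ip, port) data endpoint one control line negotiates, or None."""
    m = _PASV.match(line) or _PORT.match(line)
    if m:
        return _host_port(m.groups())
    m = _EPSV.match(line)
    if m:
        port = int(m.group(2))
        # EPSV carries only the port; the address is the control-channel server.
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def uncovered_by_static_ports(lines, monitored_ports, server_ip=None):
    """Data endpoints that a fixed port list would never inspect."""
    found = [data_endpoint(ln, server_ip) for ln in lines]
    return [ep for ep in found if ep and ep[1] not in monitored_ports]


if __name__ == "__main__":
    for ep in uncovered_by_static_ports(SAMPLE_CONTROL_LINES, {20, 21}, "192.0.2.10"):
        print(ep)
```

With only ports 20 and 21 monitored, every data endpoint in the sample session falls outside the list.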