Cisco Cisco Firepower Management Center 4000
3-20
FireSIGHT System User Guide
Chapter 3 Using Dashboards
Understanding the Predefined Widgets
Malware Intrusions
Displays intrusion events, based on the number
of intrusion events occurring in connections
transmitting malware.
of intrusion events occurring in connections
transmitting malware.
Files Dashboard
Malware
Malware Threats
Displays the number of malware threats
detected either in network traffic by the system
or by FireAMP Connectors, grouped by threat
name.
detected either in network traffic by the system
or by FireAMP Connectors, grouped by threat
name.
Files Dashboard
Malware license
or FireAMP
subscription
or FireAMP
subscription
New Indications of
Compromise over Time
Compromise over Time
Displays a graph of new indications of
compromise detected over the dashboard time
range.
compromise detected over the dashboard time
range.
Summary Dashboard
FireSIGHT
Operating Systems
Displays operating systems, based on the
number of hosts running each operating system
within your network.
number of hosts running each operating system
within your network.
Detailed Dashboard
FireSIGHT
Possible Zero-Day
Malware
Malware
Displays the captured files most likely to be
zero-day malware, with a file disposition of
unknown and either
zero-day malware, with a file disposition of
unknown and either
High
or
Very High
threat
scores, based on the number of times the file
was seen.
was seen.
Files Dashboard
Malware
Processes Introducing
Malware
Malware
Displays the system processes that accessed or
created malware detected by FireAMP
Connectors.
created malware detected by FireAMP
Connectors.
Files Dashboard
Malware license
or FireAMP
subscription
or FireAMP
subscription
Risky Applications with
Low Business Relevance
Low Business Relevance
Displays all application connections on your
monitored network that have both high
application risk level and low estimated
business relevance.
monitored network that have both high
application risk level and low estimated
business relevance.
Summary Dashboard
FireSIGHT
Servers
Displays servers, by number of hosts.
Detailed Dashboard
FireSIGHT
Threat Detections over
Time
Time
Displays a graph of the total number of
malware threats detected either in network
traffic by the system or by FireAMP
Connectors, over the dashboard time range.
malware threats detected either in network
traffic by the system or by FireAMP
Connectors, over the dashboard time range.
Files Dashboard
Malware license
or FireAMP
subscription
or FireAMP
subscription
Top Attackers
Displays attacking host IP addresses on your
monitored network, based on the number of
intrusion events where the listed IP address
was the attacker in the connection that caused
the event.
monitored network, based on the number of
intrusion events where the listed IP address
was the attacker in the connection that caused
the event.
Summary Dashboard
Protection
Top Client Applications
Seen
Seen
Displays client applications on your monitored
network, based on total kilobytes of data
transmitted by the client application.
network, based on total kilobytes of data
transmitted by the client application.
Summary Dashboard
FireSIGHT
Top Operating Systems
Seen
Seen
Displays operating systems on your monitored
network, based on the number of network hosts
with the operating system.
network, based on the number of network hosts
with the operating system.
Summary Dashboard
FireSIGHT
Top Server Applications
Seen
Seen
Displays server applications on your
monitored network, based on the number of
hosts running the service.
monitored network, based on the number of
hosts running the service.
Summary Dashboard
FireSIGHT
Table 3-5
Custom Analysis Widget Presets (continued)
Preset
Description
Predefined Dashboards
Licenses