Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 33: Blocking Malware and Prohibited Files
Understanding Malware Protection and File Control
Because you cannot use a Malware license with a DC500, nor enable a Malware license on a Series 2 
device, you cannot use those appliances to capture, store, or block individual files, submit files for 
dynamic analysis, or view file trajectories for files for which you conduct a malware cloud lookup.
For file and malware cloud-based features, you can use a FireAMP Private Cloud instead of the standard 
cloud connection if your organization requires additional security or wishes to limit outside connections. 
All file and malware cloud lookups, as well as collection and relaying of event data from FireAMP 
endpoints, are handled through the private cloud; when the private cloud contacts the standard Cisco 
cloud, it does so through an anonymized proxy connection.
For more information on evaluating event data related to malware protection and file control, see 

Understanding Malware Protection and File Control
License: Protection, Malware, or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent

Using the advanced malware protection feature, you can configure the FireSIGHT System to detect, 
store, track, analyze, and optionally block malware files being transmitted on your network, as shown in 
the following diagram.

Table 33-1 License Requirements for File and Malware Detection (continued)

| Feature | Description | License |
|---|---|---|
| FireAMP integration | receive endpoint-based malware information from the Cisco cloud, using your organization’s FireAMP subscription; track the transmission of malware files using that information | Any |
| geolocation | detect source and destination countries and other geographical information associated with file and malware events | FireSIGHT (with GeoDB update for detailed information) |