Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 34  Analyzing Malware and File Activity
  Working with Malware Events
Malware Event Types
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
For network-based malware events, the event type can be one of:
  • Threat Detected in Network File Transfer
  • Threat Detected in Network File Transfer (retrospective)
Table 34-4  Malware Event Fields (continued)

Columns: Field; Description; Network; Endpoint; Retrospective from Cloud

Application Risk
  The risk associated with the application traffic detected in the connection: Very High, High, Medium, Low, or Very Low. Each type of application detected in the connection has an associated risk; this field displays the highest of those. For more information, see the table.
  Network: yes | Endpoint: no | Retrospective from Cloud: yes

Business Relevance
  The business relevance associated with the application traffic detected in the connection: Very High, High, Medium, Low, or Very Low. Each type of application detected in the connection has an associated business relevance; this field displays the lowest (least relevant) of those. For more information, see th
  Network: yes | Endpoint: no | Retrospective from Cloud: yes

Detector
  The FireAMP detector that identified the malware, such as ClamAV, Spero, or SHA.
  Network: no | Endpoint: yes | Retrospective from Cloud: no

Message
  Any additional information associated with the malware event. For network-based malware events, this field is populated only for files whose disposition has changed; see
  Network: yes | Endpoint: yes | Retrospective from Cloud: no

FireAMP Cloud
  The name of the FireAMP cloud where the event originated.
  Network: no | Endpoint: yes | Retrospective from Cloud: no

Device
  For network-based malware events, the name of the device that detected the malware file. For endpoint-based malware events and retrospective malware events generated by the cloud, the name of the Defense Center.
  Network: yes | Endpoint: yes | Retrospective from Cloud: yes

Security Context
  The metadata identifying the virtual firewall group through which the traffic passed. Note that the system only populates this field for ASA FirePOWER devices in multi-context mode.
  Network: yes | Endpoint: yes | Retrospective from Cloud: yes

Count
  The number of events that match the information in each row. This field appears after you apply a constraint that creates two or more identical rows.
  Network: n/a | Endpoint: n/a | Retrospective from Cloud: n/a