Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 34 Analyzing Malware and File Activity
Working with Network File Trajectory
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
As you review captured files, file events, and malware events, you can view a file’s trajectory map from
the Context Explorer, properly configured dashboard widgets, and various event views. You can also
review the most recently viewed network file trajectories and the most recently detected malware from
the Network File Trajectory List page.
Accessing Network File Trajectory
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The Network File Trajectory List page allows you to locate files that have a SHA-256 hash value,
whether to analyze the most recently detected malware, or to track a specific threat.
The page displays the malware most recently detected on your network, as well as the files whose
trajectory maps you have most recently viewed. From these lists, you can view when the file was most
recently seen on the network, the file’s SHA-256 hash value, name, type, current file disposition, and the
number of events associated with the file. For more information on the fields, see
.
The page also contains a search box that lets you locate files, either based on SHA-256 hash value or file
name, or by the IP address of the host that transferred or received a file. After you locate a file, you can
click the File SHA256 value to view the detailed trajectory map. See
for more information.
Note that because you cannot use a Malware license with a DC500, nor can you enable a Malware license
on a Series 2 device, you cannot use those appliances to view file trajectories for files for which you
conduct a malware cloud lookup.
To locate a file from the Network File Trajectory List page:
Access: Any
Step 1
Select Analysis > Files > Network File Trajectory.
The Network File Trajectory List page appears, displaying the lists of recently viewed files and recent
malware.
Step 2
Optionally, you can type a complete SHA-256 hash value, host IP address, or file name of a file you want
to track into the search field and press Enter.
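Step 2 accepts only a complete SHA-256 hash value, a host IP address, or a file name. The following analyst-side pre-check is an added example, not part of the Cisco guide or the product: it hashes a local sample and classifies a search term before it is pasted into the search field, rejecting truncated hashes. The function names, the lower-casing of hashes, and the acceptance of IPv6 addresses are assumptions of this example.

```python
import hashlib
import ipaddress
import re

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
HEX_DIGEST_LIKE_RE = re.compile(r"[0-9a-fA-F]{32,}")


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large samples are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify_search_term(term):
    """Return (kind, value) where kind is 'sha256', 'ip' or 'filename'.

    Raises ValueError for empty input and for hex strings that look like a
    digest but are not exactly 64 characters (truncated SHA-256, MD5, SHA-1).
    """
    value = term.strip()
    if not value:
        raise ValueError("empty search term")
    if SHA256_RE.fullmatch(value):
        # Lower-cased for consistent note-keeping (assumption of this example).
        return "sha256", value.lower()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if HEX_DIGEST_LIKE_RE.fullmatch(value):
        raise ValueError(
            f"{len(value)} hex characters: not a complete SHA-256 (64 required)"
        )
    return "filename", value


if __name__ == "__main__":
    # Constructed sample terms, not values from a real deployment.
    samples = ["  " + "AB" * 32 + " ", "10.1.2.3", "invoice.pdf", "ab" * 20]
    for sample in samples:
        try:
            print(classify_search_term(sample))
        except ValueError as err:
            print("rejected:", err)
```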