Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 34      Analyzing Malware and File Activity
  Working with Network File Trajectory
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
As you review captured files, file events, and malware events, you can view a file’s trajectory map from 
the Context Explorer, properly configured dashboard widgets, and various event views. You can also 
review the most recently viewed network file trajectories and the most recently detected malware from 
the Network File Trajectory List page.
For more information, see the following sections:
Accessing Network File Trajectory
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The Network File Trajectory List page lets you locate files that have a SHA-256 hash value, 
whether you want to analyze the most recently detected malware or track a specific threat. 
The page displays the malware most recently detected on your network, as well as the files whose 
trajectory maps you have most recently viewed. From these lists, you can view when the file was most 
recently seen on the network, the file’s SHA-256 hash value, name, type, current file disposition, and the 
number of events associated with the file. For more information on the fields, see 
.
The page also contains a search box that lets you locate files, either based on SHA-256 hash value or file 
name, or by the IP address of the host that transferred or received a file. After you locate a file, you can 
click the File SHA256 value to view the detailed trajectory map. See 
 for more information.
Note that because you cannot use a Malware license with a DC500 or enable a Malware license 
on a Series 2 device, you cannot use those appliances to view file trajectories for files for which you 
conduct a malware cloud lookup.
To locate a file from the Network File Trajectory List page:
Access: Any
Step 1  Select Analysis > Files > Network File Trajectory.
The Network File Trajectory List page appears, displaying the lists of recently viewed files and recent 
malware.
Step 2  Optionally, you can type a complete SHA-256 hash value, host IP address, or file name of a file you want 
to track into the search field and press Enter.
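
The search field in Step 2 takes a complete SHA-256 hash value, a host IP address, or a file name. The following Python sketch is an added example, not part of the Cisco guide: it hashes a captured file and sorts analyst-supplied terms into those three kinds before they are typed into the search field, flagging hex strings that are not a full 64-character SHA-256. The function names, the sample terms, and the rule that any other text counts as a file name are assumptions of the example.

```python
import hashlib
import ipaddress
import re

_HEX = re.compile(r"[0-9a-fA-F]+")


def sha256_of_stream(stream, chunk_size=65536):
    """Return the SHA-256 hex digest of a binary file object, read in chunks."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def classify_search_term(term):
    """Return (kind, normalized_term) for one search term.

    kind is 'sha256', 'not_full_sha256', 'host_ip' or 'file_name'.
    Assumption of this example: text that is neither a digest-like hex
    string nor an IP address is treated as a file name.
    """
    t = term.strip()
    if not t:
        raise ValueError("empty search term")
    # Digest-like: only hex digits and at least MD5 length (32 characters).
    if len(t) >= 32 and _HEX.fullmatch(t):
        # Lowercase so the same hash copied from different tools compares equal.
        kind = "sha256" if len(t) == 64 else "not_full_sha256"
        return kind, t.lower()
    try:
        return "host_ip", str(ipaddress.ip_address(t))
    except ValueError:
        return "file_name", t


if __name__ == "__main__":
    # Constructed sample terms, not taken from any real event data.
    samples = [
        "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD",
        "ba7816bf8f01cfea414140de5dae2223",  # truncated hash from a report
        " 192.0.2.45 ",
        "invoice_2014.pdf",
    ]
    for s in samples:
        print(classify_search_term(s))
```

A term reported as not_full_sha256 is worth re-copying from its source before searching, since the procedure asks for a complete SHA-256 hash value.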