Cisco Firepower Management Center 4000
34-32
FireSIGHT System User Guide
Chapter 34 Analyzing Malware and File Activity
Working with Network File Trajectory
Trajectory Map
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
A file’s trajectory map visually tracks a file from the first detection on your network to the most recent.
The map shows when hosts transferred or received the file, how often they transferred the file, and when
the file was blocked or quarantined. The map also shows how often file events occurred for the file and
when the system assigned the file a disposition or retrospective disposition. You can select a data point
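As an added example (not code from the FireSIGHT user guide or the product), the following Python builds the same kind of per-file summary that the trajectory map visualizes, from a few constructed file events: first and last detection, the hosts involved, how often the file was blocked, the disposition history including a retrospective change, and the hosts that received the file before it was judged malware. The event field names, action strings and the placeholder hash are assumptions, not the product's export format.

```python
from collections import defaultdict

# Constructed sample file events for one file (placeholder hash, not real data).
SHA = "0" * 64
EVENTS = [
    {"ts": "2014-03-01T09:00:00", "sha256": SHA, "sender": "10.1.1.5",
     "receiver": "10.1.1.20", "action": "Malware Cloud Lookup", "disposition": "Unknown"},
    {"ts": "2014-03-01T09:05:00", "sha256": SHA, "sender": "10.1.1.5",
     "receiver": "10.1.1.21", "action": "Malware Cloud Lookup", "disposition": "Unknown"},
    # The cloud later reclassifies the file: a retrospective disposition, no transfer.
    {"ts": "2014-03-01T11:00:00", "sha256": SHA, "sender": None,
     "receiver": None, "action": "Retrospective", "disposition": "Malware"},
    {"ts": "2014-03-01T12:00:00", "sha256": SHA, "sender": "10.1.1.5",
     "receiver": "10.1.1.22", "action": "Malware Block", "disposition": "Malware"},
]

def build_trajectory(events):
    """Per-file summary: first/last seen, hosts, blocks, disposition history, exposure."""
    by_file = defaultdict(list)
    for e in events:
        by_file[e["sha256"]].append(e)
    summary = {}
    for sha, evs in by_file.items():
        evs.sort(key=lambda e: e["ts"])
        hosts, delivered, history, blocked = set(), set(), [], 0
        disposition = None
        for e in evs:
            if e["disposition"] != disposition:      # initial or retrospective disposition
                history.append((e["ts"], e["disposition"]))
                disposition = e["disposition"]
            if e["action"] == "Retrospective":       # no file transfer on this event
                continue
            hosts.update(h for h in (e["sender"], e["receiver"]) if h)
            if "Block" in e["action"]:
                blocked += 1
            elif e["receiver"]:
                delivered.add(e["receiver"])         # the file reached this host unblocked
        summary[sha] = {
            "first_seen": evs[0]["ts"],
            "last_seen": evs[-1]["ts"],
            "events": len(evs),
            "hosts": sorted(hosts),
            "blocked": blocked,
            "history": history,
            "current_disposition": disposition,
            # Hosts needing follow-up: received the file, and it is now judged Malware.
            "exposed": sorted(delivered) if disposition == "Malware" else [],
        }
    return summary
```

Run `build_trajectory(EVENTS)[SHA]` to see the two hosts that received the file while it was still Unknown listed under "exposed" once the retrospective Malware disposition arrives.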
Current Disposition
One of the following file dispositions:
• Malware indicates that the cloud categorized the file as malware, or that the file’s threat score exceeded the malware threshold defined in the file policy.
• Clean indicates that the cloud categorized the file as clean, or that a user added the file to the clean list.
• Unknown indicates that a malware cloud lookup occurred before the cloud assigned a disposition. The file is uncategorized.
• Custom Detection indicates that a user added the file to the custom detection list.
• Unavailable indicates that the Defense Center could not perform a malware cloud lookup.
• N/A indicates that a Detect Files or Block Files rule handled the file and the Defense Center did not perform a malware cloud lookup.
Click the edit icon to add the file to or remove the file from the clean list or custom detection list.
This field only appears for network-based malware events.
Threat Name
Name of the malware threat associated with the file.
This field only appears for endpoint-based malware events.
Threat Score
The file’s threat score, shown with its icon:
• Low
• Medium
• High
• Very High
To view the Dynamic Analysis Summary report, click the threat score icon.
Click the threat score link to view all captured files with that threat score.
Click the cloud icon to submit the file to the cloud for dynamic analysis. If the file is unavailable for submission or you cannot connect to the cloud, this icon is greyed out.
Table 34-9 Network File Trajectory Summary Information Fields (continued)
Name | Description