Cisco FirePOWER Appliance 8390 Release Notes
Version 5.2.0.1
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
To update any Series 2 appliance to Version 5.2.0.1 from Version 4.x, you must
reimage the appliance, which discards all events and configuration data stored on
that appliance. For more information about reimaging, see the Sourcefire 3D
System Installation Guide.
Geolocation
The geolocation feature enhances Sourcefire 3D System analysis tools with data
about the geographical sources of routable IP addresses (the country, continent,
and so on). You can use this data to determine if, for example, connections
originate from or terminate in countries unconnected with your organization.
Geolocation information is available in intrusion events, connection events, file
events, malware events, host profiles, and user profiles. The Context Explorer
and the dashboard can also now include geolocation information.
After you install a geolocation database (GeoDB) update, you can view granular
information available for an IP address, such as postal code, coordinates, time
zone, Autonomous System Number (ASN), internet service provider (ISP), use
type (home or business), organization, domain name, connection type, and proxy
information. Note that the system does not retroactively generate data for events
logged before the update. You can also pinpoint the detected location with any of
four third-party map tools. Note that without a GeoDB update, only the flag icon
and ISO3 alpha country code appear.
Network Discovery
Two new areas of functionality have been added to network discovery for Version
5.2: IPv6 support for network discovery and support for user logoff events
generated by Version 2.1 of the Sourcefire User Agent.
IPv6 Support
Version 5.2 introduces extensive support for IPv6 addresses in features that were
previously limited (partially or completely) to IPv4 addresses. These include
adaptive profiles, auditing compliance, correlation, custom fingerprinting,
FireSIGHT recommendations, host profiles, intrusion events, IP packet
defragmentation, network discovery, the network map, network objects, and the
User Agent.
Hosts on your monitored network may now have multiple associated IP
addresses (both IPv4 and IPv6). Most parts of the system coordinate data for
each of a host's IP addresses to give a full picture of the host's activity and to
allow you to take action against an entire host easily.
Sourcefire User Agent Logoff Detection
User Agents monitor users as they log into the network, or when accounts
authenticate against Active Directory credentials for other reasons, and map
users to host IP addresses to support user access control.