Cisco FirePOWER Appliance 7030 Release Notes
Version 5.3.0.5
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
This feature introduced Sourcefire-provided Indications of Compromise (IOC)
rules that allow you to control whether the system generates IOC events for
particular types of compromise and correlates those events with the host
involved. At the time of event generation, the system sets an IOC tag on the
host affected by that IOC event. Hosts that have the most IOC events
associated with them from unique detection sources are those that are most
likely compromised. Once you have resolved the breach, the IOC tags are
removed. IOC events and host tags are viewable in the host profile, network map,
Context Explorer, dashboard, and event viewers.
Enhanced Security Intelligence Event Storage and Views
LICENSE: Protection
SUPPORTED DEVICES: Series 3, Virtual, X-Series
SUPPORTED DEFENSE CENTERS: Any except DC500
If your system is configured to blacklist traffic or monitor blacklisted traffic based
on Security Intelligence data, you can now view Security Intelligence events in
dashboards and in the Context Explorer. Security Intelligence events, although
similar to connection events, are stored and pruned separately and have their own
event view, workflows, and Custom Analysis dashboard widget presets.
Simplified Intrusion Policy Variable Management
LICENSE: Protection
SUPPORTED DEVICES: Any
SUPPORTED DEFENSE CENTERS: Any
The addition of variable sets streamlines and centralizes variable management in
the object manager. You create custom variable sets and customize the default
variable set to suit your network environment. The default variable set functions
as a master key, containing both Sourcefire-provided default variables and
user-created custom variables, and can be used to populate custom variable sets.
Customizing a variable in this set propagates the change to all other variable sets
containing that variable.
The update from Version 5.2 to Version 5.3 automatically transitions existing
variables into variable sets. Existing system-level variables become custom
variables within the default variable set. Custom variables configured at the
intrusion policy level are grouped by intrusion policy into new custom variable
sets.
Geolocation and Access Control
LICENSE: FireSIGHT
SUPPORTED DEVICES: Series 3, Virtual
SUPPORTED DEFENSE CENTERS: Any except DC500
Version 5.3 introduced the ability to filter traffic by source or destination countries
from within your access control policy. To take advantage of geolocation filtering,
specify the individual countries or reference a geolocation object in an access
control policy rule.
Geolocation objects are configured in the object manager and represent one or
more countries that your system has identified in traffic on your monitored