Cisco Cisco Firepower Management Center 4000
5-33
FireSIGHT System User Guide
Chapter 5 Managing Reusable Objects
Working with File Lists
•
•
•
•
Uploading Multiple SHA-256 Values to a File List
License:
Malware
Supported Devices:
Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers:
Any except DC500
You can add multiple SHA-256 values to a file list by uploading a comma-separated value (CSV) source
file containing a list of SHA-256 values and descriptions. The Defense Center validates the contents and
populates the file list with valid SHA-256 values.
file containing a list of SHA-256 values and descriptions. The Defense Center validates the contents and
populates the file list with valid SHA-256 values.
The source file must be a simple text file with a .csv file name extension. Any header must start with a
pound sign (
pound sign (
#
); it is treated as a comment and not uploaded. Each entry should contain a single SHA-256
value followed by a description of up to 256 alphanumeric or special characters and end with either the
LF
or
CR+LF
Newline character. The system ignores any additional information in the entry.
Note the following:
•
Deleting a source file from the file list also removes all associated SHA-256 hashes from the file list.
•
You cannot upload multiple files to a file list if the successful source file upload results in the file
list containing more than 10000 distinct SHA-256 values.
list containing more than 10000 distinct SHA-256 values.
•
The system truncates descriptions exceeding 256 characters to the first 256 characters on upload. If
the description contains commas, you must use an escape character (
the description contains commas, you must use an escape character (
\,
). If no description is
included, the source file name is used instead.
•
If a file list contains a SHA-256 value, and you upload a source file containing that value, the newly
uploaded value does not modify the existing SHA-256 value. When viewing captured files, file
events, or malware events related to the SHA-256 value, any threat name or description is derived
from the individual SHA-256 value.
uploaded value does not modify the existing SHA-256 value. When viewing captured files, file
events, or malware events related to the SHA-256 value, any threat name or description is derived
from the individual SHA-256 value.
•
The system does not upload invalid SHA-256 values in a source file.
•
If multiple uploaded source files contain an entry for the same SHA-256 value, the system uses the
most recent value.
most recent value.
•
If a source file contains multiple entries for the same SHA-256 value, the system uses the last one.
•
You cannot directly edit a source file within the object manager. To make changes, you must first
modify your source file directly, delete the copy on the system, then upload the modified source file.
See
modify your source file directly, delete the copy on the system, then upload the modified source file.
See
for more information.
To upload a source file to a file list:
Access:
Admin/Any Security Analyst
Step 1
Select
Objects > Object Management
.
The Object Management page appears.
Step 2
Click
File List
.
The File List section appears.