Cisco Cisco FirePOWER Appliance 8390
55-3
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Understanding Health Monitoring
a health policy to that device. For more information on the Cisco-provided default health policy for your
appliances, see
appliances, see
. For more information on creating
customized health policies, see
. For details on applying policies, see
For more information on health policies and the health modules you can run to test system health, see
the following topics:
the following topics:
•
•
•
Understanding Health Policies
License:
Any
A health policy is a collection of health module settings you apply to an appliance to define the criteria
that the Defense Center uses when checking the health of the appliance. The health monitor tracks a
variety of health indicators to ensure that your FireSIGHT System hardware and software are working
correctly.
that the Defense Center uses when checking the health of the appliance. The health monitor tracks a
variety of health indicators to ensure that your FireSIGHT System hardware and software are working
correctly.
When you create health policies, you choose which tests to run to determine appliance health. You can
also apply the default health policy to any appliance.
also apply the default health policy to any appliance.
Understanding Health Modules
License:
Any
Health modules, also sometimes referred to as health tests, are scripts that test for the criteria you specify
in a health policy. The available health modules are described in the following table.
in a health policy. The available health modules are described in the following table.
Table 55-1
Health Modules
Module
Description
Advanced Malware
Protection
Protection
This module alerts if the Defense Center cannot contact the Collective Security Intelligence
Cloud, either to retrieve file disposition information for files detected in network traffic or to
submit files for dynamic analysis, or if an excessive number of files are detected in network
traffic, based on the file policy configuration.
Cloud, either to retrieve file disposition information for files detected in network traffic or to
submit files for dynamic analysis, or if an excessive number of files are detected in network
traffic, based on the file policy configuration.
This module runs on all Defense Centers except the DC500, which does not support advanced
malware protection.
malware protection.
Appliance Heartbeat
This module determines if an appliance heartbeat is being heard from the appliance and alerts
based on the appliance heartbeat status.
based on the appliance heartbeat status.
Automatic Application
Bypass Status
Bypass Status
This module determines if an appliance has been bypassed because it did not respond within the
number of seconds set in the bypass threshold, and alerts when a bypass occurs.
number of seconds set in the bypass threshold, and alerts when a bypass occurs.
CPU Usage
This module checks that the CPU on the appliance is not overloaded and alerts when CPU usage
exceeds the percentages configured for the module.
exceeds the percentages configured for the module.
This module is not available for health policies applied to 3D9900 devices.
Card Reset
This module checks for network cards which have restarted due to hardware failure and alerts
when a reset occurs.
when a reset occurs.