Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Working with Malware Protection and File Control
Working with Network File Trajectory
Chapter 31
file, you can download it locally, submit the file for dynamic analysis, or add the
file to a file list.
TIP!
To view related file events, click a field value link. The first page in the File
Events default workflow opens in a new window, displaying all file events that
also contain the selected value.
The following table describes the summary information fields.
Network File Trajectory Summary Information Fields

Name: File SHA256
Description: The SHA-256 hash value of the file.
The hash is displayed by default in a condensed format. To view the
full hash value, hover your pointer over it. If multiple SHA-256 hash
values are associated with a file name, hover your pointer over the
link to view all of the hash values.
Click the download file icon to download the file to your local
computer. If prompted, confirm you want to download the file. Follow
your browser’s prompts to save the file. If the file is unavailable
for download, this icon is grayed out.
WARNING! Sourcefire strongly recommends you do not download malware,
as it can cause adverse consequences. Exercise caution when
downloading any file, as it may contain malware. Ensure you have
taken any necessary precautions to secure the download destination
before downloading files.

Name: File Names
Description: The names of the file associated with the event, as seen
on the network.
If multiple file names are associated with a SHA-256 hash value, the
most recent detected file name is listed. You can expand this to view
the remaining file names by clicking more.

Name: File Type
Description: The file type of the file, for example, HTML or MSEXE.

Name: File Category
Description: The general categories of file type, for example, Office
Documents or System Files.