Cisco FirePOWER Appliance 7115

Version 5.3
Sourcefire 3D System User Guide
Chapter 31: Working with Malware Protection and File Control
Working with Network File Trajectory
file, you can download it locally, submit the file for dynamic analysis, or add the 
file to a file list.
TIP!
To view related file events, click a field value link. The first page in the File 
Events default workflow opens in a new window, displaying all file events that 
also contain the selected value.
The following table describes the summary information fields.
Network File Trajectory Summary Information Fields

NAME / DESCRIPTION

File SHA256
The SHA-256 hash value of the file.
The hash is displayed by default in a condensed format. To view the full hash value, hover your pointer over it. If multiple SHA-256 hash values are associated with a file name, hover your pointer over the link to view all of the hash values.
Click the download file icon to download the file to your local computer. If prompted, confirm you want to download the file. Follow your browser’s prompts to save the file. If the file is unavailable for download, this icon is grayed out.
WARNING! Sourcefire strongly recommends you do not download malware, as it can cause adverse consequences. Exercise caution when downloading any file, as it may contain malware. Ensure you have taken any necessary precautions to secure the download destination before downloading files.

File Names
The names of the file associated with the event, as seen on the network.
If multiple file names are associated with a SHA-256 hash value, the most recent detected file name is listed. You can expand this to view the remaining file names by clicking more.

File Type
The file type of the file, for example, HTML or MSEXE.

File Category
The general categories of file type, for example, Office Documents or System Files.