Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

153

Using the Context Explorer

Understanding the Context Explorer

Chapter 3

Note that you must have a Malware license and enable malware detection for this 

graph to include network-based malware data. Note also that neither the DC500 

Defense Center nor Series 2 devices support advanced malware detection, so 

the DC500 Defense Center cannot display this data and Series 2 devices do not 

detect it. See 

 on page 1226.

This graph draws data primarily from the File Events table.

Viewing the Top File Names Graph

: Protection or Malware

: feature dependent

: feature dependent

The Top File Names graph, in bar form, displays counts of the top unique file 

names detected in network traffic.

Hover your pointer over any part of the graph to view more detailed information. 

Click any part of the graph to filter or drill down on that information.
Note that you must have a Malware license and enable malware detection for this 

graph to include network-based malware data. Note also that neither the DC500 

Defense Center nor Series 2 devices support advanced malware detection, so 

the DC500 Defense Center cannot display this data and Series 2 devices do not 

detect it. See 

 on page 1226.

This graph draws data primarily from the File Events table.

Viewing the Files by Disposition Graph

: Protection or Malware

: feature dependent

: feature dependent

The Top File Types graph, in pie form, displays a proportional view of the malware 

dispositions for files detected in network traffic. Note that only files for which the 

Defense Center performed a malware cloud lookup (which requires a Malware 

license) have dispositions. Files that did not trigger a cloud lookup have a 

disposition of 

N/A

. The disposition 

Unavailable

 indicates that the Defense 

Center could not perform a malware cloud lookup. See