Cisco Cisco Firepower Management Center 2000
6
FireSIGHT System Release Notes
New Features and Functionality
Previously Changed Functionality
The following functionality was introduced in Version 5.4.1.4:
VLAN tags are now limited to integers between 0 and 4095.
The system now supports matching SSL traffic on all port values, including values 32,768 and larger.
If the system detects a URL and cannot categorize the requested URL from prior lookup results, the system attempts a secondary URL
lookup method. If the URL can not be categorized within two seconds using the secondary URL lookup method, the system assigns
the URL the Uncategorized category and processes the URL.
lookup method. If the URL can not be categorized within two seconds using the secondary URL lookup method, the system assigns
the URL the Uncategorized category and processes the URL.
The following functionality was introduced in Version 5.4.1.2:
You must apply the same access control policy to all devices that you plan to stack or cluster before you configure the stack or cluster.
You are now able to choose to inspect traffic during policy apply to prevent network disruption.
The system no longer reports the discovery event status to the Health Policy page.
You can now create an access control policy that references either an access control rule network condition set to block all IPv6
addresses with ::/0 or a network rule set to block all IPv4 addresses with 0.0.0.0/0 is now supported.
addresses with ::/0 or a network rule set to block all IPv4 addresses with 0.0.0.0/0 is now supported.
The system now reports an event for all CPU reports when CPU usage changes from a high level to a normal state.
The following functionality was introduced in Version 5.4.1.1:
The system now clears all intrusion policy locks when you upload intrusion rules or install intrusion rule updates.
The following functionality was introduced in Version 5.4.1:
Registered ASA devices now have configurable advanced options on the Advanced tab of the Device Management page (Devices >
Device Management).
Device Management).
The show users CLI command is now supported on ASA devices.
You can configure alerts only for retrospective events or network-based malware events from the Advanced Malware Protections
Alerts tab on the Alerts page.
Alerts tab on the Alerts page.
The following features and functionality were updated in Version 5.4:
You can now view VLAN tags for connection events in the event viewer (Analysis > Connections > Events).
The system now identifies login attempts over the FTP, HTTP, and MDNS protocols.
You can now select archived connection events separately from discovery events for transmission to the eStreamer client.
The Discovery Event Health Monitor is no longer available in health policies.
Expand Packet View, previously available in Version 4.10.x, is now a configurable option in Version 5.4 via the Event View Settings
tab (Admin > User Preferences > Event View Settings).
tab (Admin > User Preferences > Event View Settings).
Importing a custom intrusion rule as an .rtf file now generates an Invalid Rules File 'rtf_rule.rtf': Must be a plain text file that is
ASCII or UTF-8 encoded warning.
ASCII or UTF-8 encoded warning.
You can now generate the following intrusion event performance graphs via the Intrusion Event Graphs page (Overview > Summary
> Intrusion Event Graphs):
> Intrusion Event Graphs):
—
ECN Flags Normalized in TCP Traffic/Packet
—
ECN Flags Normalized in TCP Traffic/Session
—
ICMPv4 Echo Normalizations