Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with Malware Detections in the Host Profile
The Edit Shared Profiles page appears. The fields on the page are pre-populated based on the information
in the host profile you accessed.
Step 3
Modify and save the shared host profile according to your specific needs.
For more information on creating shared host profiles for compliance white lists, see
Working with Malware Detections in the Host Profile
License: FireSIGHT and Malware
The Most Recent Malware Detections section lists the most recent malware events where the host sent
or received a malware file, up to 100 events. The host profile lists both network-based and
endpoint-based malware events.
If the host is involved in a file event where the file is then retrospectively identified as malware, the
original events where the file was transmitted appear in the malware detections list after the malware
identification occurs. When a file identified as malware is retrospectively determined not to be malware,
the malware events related to that file no longer appear in the list. For example, if a file has a disposition
of Malware and that disposition changes to Clean, the event for that file is removed from the malware
detections list on the host profile. For more information on malware events, see
Descriptions of the columns in the Most Recent Malware Detections section of the host profile follow.
Time
The date and time the event was generated.
For an event where the file was retrospectively identified as malware, note that this is the time of the
original event, not the time when the malware was identified.
Host Role
The host’s role in the transmission of detected malware, either sender or receiver. Note that for
endpoint-based malware events, the host is always the receiver.
Threat Name
The name of the detected malware.
File Name
The name of the malware file.
File Type
The type of file; for example, PDF or MSEXE.
When viewing malware detections in the host profile, you can view malware events for that host in the
event viewer. To view events, click the malware icon.
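The retrospective behavior and the Time column described in this section, modeled as an added example (not Cisco code; the function, field names, file identifiers and sample events are constructed for illustration). Events enter the list once their file's disposition becomes Malware, leave it when the disposition changes to Clean, and always keep the original event time, which matters when building an incident timeline from the host profile.

```python
from dataclasses import dataclass
from datetime import datetime

LIMIT = 100  # the host profile lists up to 100 events


@dataclass(frozen=True)
class FileEvent:
    time: datetime   # original event time (what the Time column shows)
    file_id: str     # hypothetical identifier, stands in for a file hash
    host_role: str   # "sender" or "receiver"
    file_name: str


def detections_as_of(events, disposition_log, as_of, limit=LIMIT):
    """Return the malware detections list as it would read at `as_of`."""
    current = {}
    for when, file_id, disposition in sorted(disposition_log):
        if when <= as_of:
            current[file_id] = disposition  # a later verdict replaces an earlier one
    hits = [e for e in events
            if e.time <= as_of and current.get(e.file_id) == "Malware"]
    hits.sort(key=lambda e: e.time, reverse=True)  # most recent first
    return hits[:limit]


# Constructed sample data for one host.
EVENTS = [
    FileEvent(datetime(2024, 3, 1, 9, 0), "FILE-A", "receiver", "invoice.pdf"),
    FileEvent(datetime(2024, 3, 1, 10, 0), "FILE-B", "sender", "setup.exe"),
]
DISPOSITION_LOG = [  # (time of verdict, file, disposition)
    (datetime(2024, 3, 1, 10, 0), "FILE-B", "Malware"),
    (datetime(2024, 3, 2, 8, 0), "FILE-B", "Clean"),    # retrospective change
    (datetime(2024, 3, 3, 8, 0), "FILE-A", "Malware"),  # retrospective change
]

if __name__ == "__main__":
    for day in (1, 2, 3):
        as_of = datetime(2024, 3, day, 23, 59)
        rows = detections_as_of(EVENTS, DISPOSITION_LOG, as_of)
        print(as_of.date(), [(r.time.isoformat(), r.file_name) for r in rows])
```

On the third day the list shows invoice.pdf with a Time of 1 March 09:00, two days before the file was identified as malware, so the Time column alone does not tell you when the detection became visible.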
Working with Vulnerabilities in the Host Profile
License: FireSIGHT