Cisco FirePOWER Appliance 7020
Version 5.3.0.2
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
5.3
The following features and functionality were introduced in Version 5.3:
File Capture and Storage
LICENSE: Malware
SUPPORTED DEVICES: Series 3, Virtual, X-Series
SUPPORTED DEFENSE CENTERS: Any except DC500
The file capture feature provides the ability to automatically carve files of interest
out of network traffic based on the file type or the file disposition. Once captured,
the files can either be stored locally on FirePOWER appliances or automatically
submitted for additional malware analysis using Sourcefire’s cloud-based
sandboxing technology, dynamic analysis.
File capture is configured as part of a file policy and each file has a SHA-256
calculated to uniquely identify files and reduce duplicates in file storage. Captured
files are stored on the primary hard drive of the FirePOWER appliance.
You can manually submit captured files for dynamic analysis or download them
from the FirePOWER appliance through event table views, the network file
trajectory feature, and the captured files table view.
Dynamic Analysis, Threat Scores, and Summary Reports
LICENSE: Malware
SUPPORTED DEVICES: Series 3, Virtual, X-Series
SUPPORTED DEFENSE CENTERS: Any except DC500
Version 5.3 introduced dynamic analysis, a feature that maximizes your ability to
quickly identify new zero-day malicious behavior on your network through the use
of cloud-based technology. When configured, you can submit previously unseen
files with an unknown disposition to the Sourcefire cloud for an in-depth analysis
of the file’s behavior. Based on that behavior, a threat score is determined and
communicated back to the Defense Center. The higher the threat score, the more
likely the file is malicious; you can take action based on threat score levels.
Sourcefire also provided a related dynamic analysis summary report that provides
details on the analysis and why the threat score was assigned to the file. This
additional information helps you identify malware and fine-tune your detection
capabilities.
You can configure your system to automatically capture and send files for
dynamic analysis, or you can submit them for analysis on demand.
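The two features above (file capture with SHA-256 de-duplication, and submission of unknown-disposition files for dynamic analysis followed by a threat-score decision) can be modelled as a small policy engine. The code below is an added illustration, not Sourcefire or Cisco code; the policy sets, the CaptureStore class, the function names and the threat-score thresholds are all constructed for this example, since the release notes give no policy syntax or score bands.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, NamedTuple, Set

# Constructed policy (assumption, not the product's syntax): capture files of these
# types or with these dispositions; send never-seen "Unknown" files to dynamic analysis.
CAPTURE_TYPES: Set[str] = {"PDF", "MSEXE"}
CAPTURE_DISPOSITIONS: Set[str] = {"Malware", "Unknown"}


class CaptureResult(NamedTuple):
    sha256: str
    captured: bool   # the file policy matched this file
    stored: bool     # a new copy was written to storage (False for a duplicate hash)
    submitted: bool  # the file was handed to cloud dynamic analysis


@dataclass
class CaptureStore:
    """Stand-in for the appliance's local file storage, keyed by SHA-256 (assumed model)."""
    files: Dict[str, bytes] = field(default_factory=dict)
    submitted: Set[str] = field(default_factory=set)
    duplicates_skipped: int = 0


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def process_file(store: CaptureStore, data: bytes, file_type: str, disposition: str) -> CaptureResult:
    """Apply the capture policy to one file carved out of network traffic."""
    digest = sha256_hex(data)
    if file_type not in CAPTURE_TYPES and disposition not in CAPTURE_DISPOSITIONS:
        return CaptureResult(digest, False, False, False)
    stored = digest not in store.files
    if stored:
        store.files[digest] = data          # one copy per unique hash
    else:
        store.duplicates_skipped += 1       # same content seen again: nothing new to keep
    submit = disposition == "Unknown" and digest not in store.submitted
    if submit:
        store.submitted.add(digest)         # the cloud submission would happen here
    return CaptureResult(digest, True, stored, submit)


def action_for_threat_score(score: int) -> str:
    """Map a returned threat score to an action. The 76/26 bands are constructed for this
    example; the page only states that a higher score means the file is more likely malicious."""
    if score >= 76:
        return "block"
    if score >= 26:
        return "alert"
    return "allow"
```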