For Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 22: Using Advanced Settings in an Intrusion Policy
Modifying Advanced Settings
Transport/Network Layer Preprocessors
Network and transport layer preprocessors detect exploits at the network and transport layers. Before 
packets are sent to preprocessors, the packet decoder converts packet headers and payloads into a format 
that can be easily used by the preprocessors and the rules engine; it also detects various anomalous 
behaviors in packet headers.
Specific Threat Detection
The Back Orifice preprocessor analyzes UDP traffic for the Back Orifice magic cookie. The portscan 
detector can be configured to report scan activity. Rate-based attack prevention can help you protect your 
network against SYN floods and an extreme number of simultaneous connections designed to 
overwhelm your network. The sensitive data preprocessor detects sensitive data such as credit card 
numbers and Social Security numbers in ASCII text.
Detection Enhancement
With adaptive profiles, the system can adapt to network traffic by associating traffic with host 
information from the network map and then processing the traffic accordingly.
Intrusion Rule Thresholds
Global rule thresholding can prevent your system from being overwhelmed with a large number of events 
by allowing you to use thresholds to limit the number of times the system logs and displays intrusion 
events.
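
The effect of event thresholding on a flood of identical intrusion events, as an added example that is not part of the Cisco guide: it assumes Snort-style threshold types (limit, threshold, both) evaluated over fixed time windows per rule and tracked address. The function name `apply_threshold`, the rule ID and the sample events are constructed for illustration.

```python
# Constructed sample events: (timestamp_seconds, src_ip, dst_ip, rule_id).
# Addresses are documentation ranges; rule ID 1000001 is a made-up placeholder.
FLOOD = [(t, "203.0.113.7", "192.0.2.10", 1000001) for t in range(120)]
SPARSE = [(t, "203.0.113.7", "192.0.2.11", 1000001) for t in (5, 6, 70)]
SAMPLE_EVENTS = sorted(FLOOD + SPARSE)


def apply_threshold(events, kind="limit", count=1, seconds=60, track="dst"):
    """Return the subset of time-ordered events that would be logged.

    kind follows Snort-style event filtering (assumed semantics):
      limit     - log the first `count` events per window, drop the rest
      threshold - log every `count`-th event in a window
      both      - log once per window, when the `count`-th event is seen
    Windows are fixed, start at the first event for a (rule, address) pair,
    and last `seconds` seconds.
    """
    if kind not in ("limit", "threshold", "both"):
        raise ValueError(f"unknown threshold type: {kind}")
    windows = {}  # (rule_id, tracked_ip) -> [window_start, events_seen]
    logged = []
    for event in events:
        ts, src, dst, rule_id = event
        key = (rule_id, src if track == "src" else dst)
        state = windows.get(key)
        if state is None or ts - state[0] >= seconds:
            state = windows[key] = [ts, 0]  # open a new window
        state[1] += 1
        seen = state[1]
        if kind == "limit":
            emit = seen <= count
        elif kind == "threshold":
            emit = seen % count == 0
        else:  # both
            emit = seen == count
        if emit:
            logged.append(event)
    return logged


if __name__ == "__main__":
    for kind, count in (("limit", 1), ("threshold", 50), ("both", 10)):
        kept = apply_threshold(SAMPLE_EVENTS, kind=kind, count=count)
        print(f"{kind:9} count={count:<3} logged {len(kept)} of {len(SAMPLE_EVENTS)}")
```

With a limit of one event per 60 seconds tracked by destination, the 123 sample events collapse to four logged events, while the sparse destination is still reported in each window where it is hit.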
Table 22-3: Transport and Network Layer Preprocessor Settings
For information on...    See...
Checksum Verification
Detection Settings
Inline Normalization
IP Defragmentation
Packet Decoding
TCP Stream Configuration
UDP Stream Configuration
Table 22-4: Specific Threat Detection Settings
For information on...    See...
Back Orifice Detection
Portscan Detection
Rate-Based Attack Prevention
Sensitive Data Detection
Table 22-5: Detection Enhancement Settings
For information on...    See...
Adaptive Profiles