Release Notes
Contents: Updates to Sourcefire Documentation (2); Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (4); Screen Resolution Compatibility (5); Updating Your Appliances (5); Planning the Update (5); Sourcefire 3D System Version Requirements (5); Virtual Appliance Operating System Requirements (6); Time and Disk Space Requirements (6); Configuration and Event Backup Guidelines (7); When to Perform the Update (7); Installation Method (7); Order of Installation (7); Installing the Update on Paired Defense Centers (7); Installing the Update on Clustered Devices (7); Installing the Update on Stacked Devices (8); Installing the Update on Clustered Stacks (8); After the Installation (8); Updating a Defense Center (9); Updating Managed Devices (11); Using the Shell to Perform the Update (13); Uninstalling the Update (15); Planning the Uninstallation (15); Uninstallation Method (15); Order of Uninstallation (15); Uninstalling the Update from Clustered or Paired Appliances (15); Uninstalling the Update from Stacked Devices (16); Uninstalling the Update from Clustered Stacks (16); Uninstalling the Update from Devices Deployed Inline (16); Uninstalling the Update and Online Help (16); After the Uninstallation (16); Uninstalling the Update from a Managed Device (17); Uninstalling the Update from a Virtual Managed Device (18); Uninstalling the Update from a Defense Center (19); Issues Resolved in Version 5.2.0.2 (20); Issues Resolved in Previous Updates (21); Version 5.2.0.1 (21); Version 5.2 (22); Known Issues (28); Known Issues Discovered in Previous Releases (29); Features Introduced in Previous Versions (31); 5.2.x.x (31); 5.2 (31); Advanced Malware Protection (31); Malware Blocking (31); Network File Trajectory (32); Next-Generation Firewall (NGFW) (32); Clustered State Sharing (32); Gateway VPN (33); Policy-Based NAT (34); Clustered Stacking (34); Drop BPDUs Support (35); Series 2 Device Reimaging (35); Geolocation (35); Network Discovery (36); IPv6 Support (36); Sourcefire User Agent Logoff Detection (36); Access Control (36); Source Ports in Access Control Rules (36); ICMP Types and Codes in Access Control Rules (36); SSL Application Detection (37); URL Blocking based on SSL Common Name (37); Updates to API Support (37); eStreamer and Database Access Updates (37); Extended Rule Documentation (37); For Assistance (38); Legal Notices (38); Terms of Use Applicable to the User Documentation (38); Terms Of Use and Copyright and Trademark Notices (38)
Size: 227.6 KB; Pages: 38; Language: English
Release Notes
Contents: New and Updated Features and Functionality (2); Updates to Sourcefire Documentation (2); Before You Begin: Important Update and Compatibility Notes (3); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (4); Traffic Inspection and Link State (4); Switching and Routing (5); Product Compatibility (5); Web Browser Compatibility (5); Screen Resolution Compatibility (6); Updating Your Appliances (6); Planning the Update (6); Sourcefire 3D System Version Requirements (7); Operating System Requirements (7); Time and Disk Space Requirements (7); Configuration and Event Backup Guidelines (8); When to Perform the Update (8); Installation Method (8); Order of Installation (8); Installing the Update on Clustered Devices (8); Installing the Update on Stacked Devices (9); Installing the Update on X-Series Devices (9); After the Installation (9); Updating Managed Devices and Sourcefire Software for X-Series (10); Uninstalling the Update (13); Planning the Uninstallation (13); Uninstallation Method (13); Order of Uninstallation (13); Uninstalling the Update from Clustered or Paired Appliances (13); Uninstalling the Update from Stacked Devices (14); Uninstalling the Update from Devices Deployed Inline (14); Uninstalling the Update from Sourcefire Software for X-Series (14); After the Uninstallation (14); Uninstalling the Update from a Managed Device (15); Uninstalling the Update from a Virtual Managed Device (16); Uninstalling the Update from Sourcefire Software for X-Series (17); Resolved Issues (18); Issues Resolved in Previous Updates (18); Version 5.3.0.4 (19); Version 5.3.0.3 (19); Version 5.3.0.1 (23); Version 5.3 (25); Known Issues (28); Known Issues Reported in Previous Releases (29); Features Introduced in Previous Versions (38); 5.3.0.x (38); 5.3 (38); File Capture and Storage (38); Dynamic Analysis, Threat Scores, and Summary Reports (39); Custom Detection (39); Spero Engine (40); SMB File Detection (40); AMP Cloud Connectivity (40); Host and Event Correlation IOC Style (Indications of Compromise) (40); Enhanced Security Intelligence Event Storage and Views (41); Simplified Intrusion Policy Variable Management (41); Geolocation and Access Control (41); URL Filtering License Change (42); 8300 Family of Series 3 FirePOWER Appliances (42); Dedicated AMP Appliances (42); Disk Manager Improvements (42); Malware Storage Packs (42); Sourcefire Software for X-Series (43); Virtual Appliance Initial Setup Improvements (43); Changed Functionality (43); For Assistance (45); Legal Notices (45)
Size: 310.4 KB; Pages: 46; Language: English
Licensing Information
Contents: 1. Introduction (3); 2. Overview (4); 2.1. Management Information (4); 2.2. Retransmission of Requests (4); 2.3. Message Sizes (4); 2.4. Transport Mappings (5); 2.5. SMIv2 Data Type Mappings (6); 3. Definitions (6); 4. Protocol Specification (9); 4.1. Common Constructs (9); 4.2. PDU Processing (10); 4.2.1. The GetRequest-PDU (10); 4.2.2. The GetNextRequest-PDU (11); 4.2.2.1. Example of Table Traversal (12); 4.2.3. The GetBulkRequest-PDU (14); 4.2.3.1. Another Example of Table Traversal (17); 4.2.4. The Response-PDU (18); 4.2.5. The SetRequest-PDU (19); 4.2.6. The SNMPv2-Trap-PDU (22); 4.2.7. The InformRequest-PDU (23); 5. Notice on Intellectual Property (24); 6. Acknowledgments (24); 7. Security Considerations (26); 8. References (26); 8.1. Normative References (26); 8.2. Informative References (27); 9. Changes from RFC 1905 (28); 10. Editor's Address (30); 11. Full Copyright Statement (31)
Size: 14.7 MB; Pages: 8426; Language: English
Release Notes
Contents: New and Updated Features and Functionality (2); Changed Functionality (2); Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (5); Screen Resolution Compatibility (5); Updating Your Appliances (5); Planning the Update (5); Sourcefire 3D System Version Requirements (6); Virtual Appliance Operating System Requirements (6); Time and Disk Space Requirements (6); Configuration and Event Backup Guidelines (7); When to Perform the Update (7); Installation Method (8); Order of Installation (8); Installing the Update on Paired Defense Centers (8); Installing the Update on Clustered Devices (8); Installing the Update on Stacked Devices (8); Installing the Update on Clustered Stacks (8); After the Installation (9); Updating a Defense Center (9); Updating Managed Devices (11); Using the Shell to Perform the Update (14); Uninstalling the Update (15); Planning the Uninstallation (15); Uninstallation Method (15); Order of Uninstallation (15); Uninstalling the Update from Clustered or Paired Appliances (15); Uninstalling the Update from Stacked Devices (16); Uninstalling the Update from Clustered Stacks (16); Uninstalling the Update from Devices Deployed Inline (16); After the Uninstallation (16); Uninstalling the Update from a Managed Device (17); Uninstalling the Update from a Virtual Managed Device (18); Uninstalling the Update from a Defense Center (19); Issues Resolved in Version 5.2.0.6 (20); Issues Resolved in Previous Updates (22); Version 5.2.0.5 (22); Version 5.2.0.4 (22); Version 5.2.0.3 (23); Version 5.2.0.2 (24); Version 5.2.0.1 (25); Version 5.2 (26); Known Issues (31); Known Issues Reported in Previous Releases (32); Features Introduced in Previous Versions (37); 5.2.x.x (37); 5.2 (37); Advanced Malware Protection (37); Malware Blocking (37); Network File Trajectory (38); Next-Generation Firewall (NGFW) (38); Clustered State Sharing (38); Gateway VPN (39); Policy-Based NAT (40); Clustered Stacking (40); Drop BPDUs Support (41); Series 2 Device Reimaging (41); Geolocation (41); Network Discovery (42); IPv6 Support (42); Sourcefire User Agent Logoff Detection (42); Access Control (42); Source Ports in Access Control Rules (42); ICMP Types and Codes in Access Control Rules (43); SSL Application Detection (43); URL Blocking based on SSL Common Name (43); Updates to API Support (43); eStreamer and Database Access Updates (43); Extended Rule Documentation (43); For Assistance (43); Legal Notices (44)
Size: 261.7 KB; Pages: 45; Language: English
Installation Guide
Contents: Cisco Firepower 8000 Series Getting Started Guide (1); Package Contents (1); Chassis Models (1); Included Items (3); Network Modules (3); Configurable Bypass (3); Non-bypass (4); Stacking Module (4); Device Stacks (5); Using the 8000 Series Stacking Cable (5); Cabling Diagrams (6); Deploying the Appliance (7); Cabling the Device (7); Connecting the Sensing Interfaces (8); Passive Interface Cabling (8); Inline Interface Cabling (9); Installing the Firepower 8000 Series Device (9); Initial Device Setup (11); Initial Setup Using the Web Interface (12); Initial Setup Using the CLI (15); Register a Firepower Device to a Management Center Using the CLI (16); Next Steps (17); Redirecting Console Output (18); Using the Shell to Redirect the Console Output (18); Using the Web Interface to Redirect the Console Output (18); Restoring a Device to Factory Defaults (19); Before You Begin (19); Configuration and Event Backup Guidelines (19); Traffic Flow During the Restore Process (19); Understanding the Restore Process (19); Obtaining the Restore ISO and Update Files (20); Beginning the Restore Process (21); Starting the Restore Utility Using KVM or Physical Serial Port (21); Starting the Restore Utility Using Lights-Out Management (22); Using the Interactive Menu to Restore an Appliance (23); Identifying the Appliance's Management Interface (25); Specifying ISO Image Location and Transport Method (25); Updating System Software and Intrusion Rules During Restore (26); Downloading the ISO and Update Files and Mounting the Image (27); Invoking the Restore Process (27); Saving and Loading Restore Configurations (29); Next Steps (30); Setting Up Lights-Out Management (30); Enabling LOM and LOM Users (32); Installing an IPMI Utility (32); Scrubbing the Hard Drive (33); Related Documentation (33)
Size: 2.3 MB; Pages: 34; Language: English
Licensing Information
Contents: 1. Introduction (3); 2. Overview (4); 2.1. Management Information (4); 2.2. Retransmission of Requests (4); 2.3. Message Sizes (4); 2.4. Transport Mappings (5); 2.5. SMIv2 Data Type Mappings (6); 3. Definitions (6); 4. Protocol Specification (9); 4.1. Common Constructs (9); 4.2. PDU Processing (10); 4.2.1. The GetRequest-PDU (10); 4.2.2. The GetNextRequest-PDU (11); 4.2.2.1. Example of Table Traversal (12); 4.2.3. The GetBulkRequest-PDU (14); 4.2.3.1. Another Example of Table Traversal (17); 4.2.4. The Response-PDU (18); 4.2.5. The SetRequest-PDU (19); 4.2.6. The SNMPv2-Trap-PDU (22); 4.2.7. The InformRequest-PDU (23); 5. Notice on Intellectual Property (24); 6. Acknowledgments (24); 7. Security Considerations (26); 8. References (26); 8.1. Normative References (26); 8.2. Informative References (27); 9. Changes from RFC 1905 (28); 10. Editor's Address (30); 11. Full Copyright Statement (31)
Size: 12.5 MB; Pages: 7263; Language: English
Release Notes
Contents: Updates to Sourcefire Documentation (2); Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (5); Screen Resolution Compatibility (5); Updating Your Appliances (5); Planning the Update (5); Sourcefire 3D System Version Requirements (6); Operating System Requirements (6); Time and Disk Space Requirements (6); Configuration and Event Backup Guidelines (7); When to Perform the Update (7); Installation Method (7); Order of Installation (7); Installing the Update on Paired Defense Centers (7); Installing the Update on Clustered Devices (8); Installing the Update on Stacked Devices (8); Installing the Update on Clustered Stacks (8); After the Installation (8); Updating a Defense Center (9); Updating Managed Devices (11); Using the Shell to Perform the Update (13); Uninstalling the Update (15); Planning the Uninstallation (15); Uninstallation Method (15); Order of Uninstallation (15); Uninstalling the Update from Clustered or Paired Appliances (15); Uninstalling the Update from Stacked Devices (16); Uninstalling the Update from Clustered Stacks (16); Uninstalling the Update from Devices Deployed Inline (16); Uninstalling the Update and Online Help (16); After the Uninstallation (17); Uninstalling the Update from a Managed Device (17); Uninstalling the Update from a Virtual Managed Device (18); Uninstalling the Update from a Defense Center (19); Issues Resolved in Version 5.2.0.1 (20); Issues Resolved in Previous Updates (21); Version 5.2 (21); Known Issues (27); Known Issues Discovered in Previous Releases (28); Features Introduced in Previous Versions (29); 5.2 (29); Advanced Malware Protection (29); Malware Blocking (30); Network File Trajectory (30); Next-Generation Firewall (NGFW) (31); Clustered State Sharing (31); Gateway VPN (31); Policy-Based NAT (32); Clustered Stacking (33); Drop BPDUs Support (33); Series 2 Device Reimaging (33); Geolocation (34); Network Discovery (34); IPv6 Support (34); Sourcefire User Agent Logoff Detection (34); Access Control (35); Source Ports in Access Control Rules (35); ICMP Types and Codes in Access Control Rules (35); SSL Application Detection (35); URL Blocking based on SSL Common Name (35); Updates to API Support (35); eStreamer and Database Access Updates (35); Extended Rule Documentation (36); For Assistance (36); Legal Notices (36); Terms of Use Applicable to the User Documentation (36); Terms Of Use and Copyright and Trademark Notices (36)
Size: 221.3 KB; Pages: 37; Language: English
Release Notes
Contents: Updates to Sourcefire Documentation (2); Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (4); Screen Resolution Compatibility (5); Updating Your Appliances (5); Planning the Update (5); Sourcefire 3D System Version Requirements (5); Time and Disk Space Requirements (6); Configuration and Event Backup Guidelines (6); When to Perform the Update (7); Installation Method (7); Order of Installation (7); Installing the Update on Paired Defense Centers (7); Installing the Update on Clustered Devices (7); Installing the Update on Stacked Devices (8); Installing the Update on Clustered Stacks (8); After the Installation (8); Updating a Defense Center (9); Updating a Managed Device (11); Using the Shell to Perform the Update (13); Uninstalling the Update (15); Planning the Uninstallation (15); Uninstallation Method (15); Order of Uninstallation (15); Uninstalling the Update from Clustered or Paired Appliances (15); Uninstalling the Update from Stacked Devices (16); Uninstalling the Update from Clustered Stacks (16); Uninstalling the Update from Devices Deployed Inline (16); Uninstalling the Update and Online Help (16); After the Uninstallation (16); Uninstalling the Update from a Managed Device (17); Uninstalling the Update from a Virtual Managed Device (18); Uninstalling the Update from a Defense Center (19); Issues Resolved in Version 5.2.0.3 (20); Issues Resolved in Previous Updates (22); Version 5.2.0.2 (22); Version 5.2.0.1 (22); Version 5.2 (23); Known Issues (29); Known Issues Discovered in Previous Releases (31); Features Introduced in Previous Versions (33); 5.2.x.x (34); 5.2 (34); Advanced Malware Protection (34); Malware Blocking (34); Network File Trajectory (34); Next-Generation Firewall (NGFW) (35); Clustered State Sharing (35); Gateway VPN (36); Policy-Based NAT (36); Clustered Stacking (37); Drop BPDUs Support (37); Series 2 Device Reimaging (38); Geolocation (38); Network Discovery (38); IPv6 Support (39); Sourcefire User Agent Logoff Detection (39); Access Control (39); Source Ports in Access Control Rules (39); ICMP Types and Codes in Access Control Rules (39); SSL Application Detection (39); URL Blocking based on SSL Common Name (40); Updates to API Support (40); eStreamer and Database Access Updates (40); Extended Rule Documentation (40); For Assistance (40); Legal Notices (40); Terms of Use Applicable to the User Documentation (40); Terms Of Use and Copyright and Trademark Notices (41)
Size: 241.7 KB; Pages: 41; Language: English
Licensing Information
Contents: 1. Introduction (3); 2. Overview (4); 2.1. Management Information (4); 2.2. Retransmission of Requests (4); 2.3. Message Sizes (4); 2.4. Transport Mappings (5); 2.5. SMIv2 Data Type Mappings (6); 3. Definitions (6); 4. Protocol Specification (9); 4.1. Common Constructs (9); 4.2. PDU Processing (10); 4.2.1. The GetRequest-PDU (10); 4.2.2. The GetNextRequest-PDU (11); 4.2.2.1. Example of Table Traversal (12); 4.2.3. The GetBulkRequest-PDU (14); 4.2.3.1. Another Example of Table Traversal (17); 4.2.4. The Response-PDU (18); 4.2.5. The SetRequest-PDU (19); 4.2.6. The SNMPv2-Trap-PDU (22); 4.2.7. The InformRequest-PDU (23); 5. Notice on Intellectual Property (24); 6. Acknowledgments (24); 7. Security Considerations (26); 8. References (26); 8.1. Normative References (26); 8.2. Informative References (27); 9. Changes from RFC 1905 (28); 10. Editor's Address (30); 11. Full Copyright Statement (31)
Size: 7.1 MB; Pages: 3886; Language: English
Release Notes
Contents: Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (4); Screen Resolution Compatibility (5); Updating Your Appliances (5); Planning the Update (5); Sourcefire 3D System Version Requirements (5); Virtual Appliance Operating System Requirements (6); Time and Disk Space Requirements (6); Configuration and Event Backup Guidelines (7); When to Perform the Update (7); Installation Method (7); Order of Installation (7); Installing the Update on Paired Defense Centers (7); Installing the Update on Clustered Devices (7); Installing the Update on Stacked Devices (8); Installing the Update on Clustered Stacks (8); After the Installation (8); Updating a Defense Center (9); Updating Managed Devices (11); Using the Shell to Perform the Update (13); Uninstalling the Update (14); Planning the Uninstallation (15); Uninstallation Method (15); Order of Uninstallation (15); Uninstalling the Update from Clustered or Paired Appliances (15); Uninstalling the Update from Stacked Devices (15); Uninstalling the Update from Clustered Stacks (16); Uninstalling the Update from Devices Deployed Inline (16); After the Uninstallation (16); Uninstalling the Update from a Managed Device (16); Uninstalling the Update from a Defense Center (18); Issues Resolved in Version 5.2.0.5 (19); Issues Resolved in Previous Updates (19); Version 5.2.0.4 (20); Version 5.2.0.3 (20); Version 5.2.0.2 (21); Version 5.2.0.1 (22); Version 5.2 (23); Known Issues (29); Known Issues Reported in Previous Releases (29); Features Introduced in Previous Versions (34); 5.2.x.x (34); 5.2 (34); Advanced Malware Protection (34); Malware Blocking (34); Network File Trajectory (35); Next-Generation Firewall (NGFW) (35); Clustered State Sharing (35); Gateway VPN (36); Policy-Based NAT (37); Clustered Stacking (37); Drop BPDUs Support (38); Series 2 Device Reimaging (38); Geolocation (38); Network Discovery (39); IPv6 Support (39); Sourcefire User Agent Logoff Detection (39); Access Control (39); Source Ports in Access Control Rules (39); ICMP Types and Codes in Access Control Rules (40); SSL Application Detection (40); URL Blocking based on SSL Common Name (40); Updates to API Support (40); eStreamer and Database Access Updates (40); Extended Rule Documentation (40); For Assistance (41); Legal Notices (41)
Size: 287.4 KB; Pages: 42; Language: English
Release Notes
Contents: New and Updated Features and Functionality (2); XFF Header Priority (2); Changed Functionality (2); Updates to Sourcefire Documentation (3); Before You Begin: Important Update and Compatibility Notes (3); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (4); Traffic Inspection and Link State (4); Switching and Routing (5); Product Compatibility (5); Web Browser Compatibility (5); Screen Resolution Compatibility (5); Updating Your Appliances (6); Planning the Update (6); Sourcefire 3D System Version Requirements (6); Operating System Requirements (6); Time and Disk Space Requirements (7); Configuration and Event Backup Guidelines (8); When to Perform the Update (8); Installation Method (8); Order of Installation (8); Installing the Update on Paired Defense Centers (8); Installing the Update on Clustered Devices (9); Installing the Update on Stacked Devices (9); Installing the Update on X-Series Devices (9); After the Installation (9); Updating a Defense Center (10); Updating Managed Devices and Sourcefire Software for X-Series (12); Using the Shell to Perform the Update (15); Uninstalling the Update (16); Planning the Uninstallation (17); Uninstallation Method (17); Order of Uninstallation (17); Uninstalling the Update from Clustered or Paired Appliances (17); Uninstalling the Update from Stacked Devices (17); Uninstalling the Update from Devices Deployed Inline (18); Uninstalling the Update from Sourcefire Software for X-Series (18); After the Uninstallation (18); Uninstalling the Update from a Managed Device (18); Uninstalling the Update from a Virtual Managed Device (20); Uninstalling the Update from Sourcefire Software for X-Series (20); Uninstalling the Update from a Defense Center (21); Issues Resolved in Version 5.3.0.2 (23); Issues Resolved in Previous Updates (25); Version 5.3.0.1 (25); Version 5.3 (27); Known Issues (30); Known Issues Reported in Previous Releases (32); Features Introduced in Previous Versions (36); 5.3.0.x (36); 5.3 (37); File Capture and Storage (37); Dynamic Analysis, Threat Scores, and Summary Reports (37); Custom Detection (38); Spero Engine (38); SMB File Detection (38); AMP Cloud Connectivity (39); Host and Event Correlation IOC Style (Indications of Compromise) (39); Enhanced Security Intelligence Event Storage and Views (39); Simplified Intrusion Policy Variable Management (40); Geolocation and Access Control (40); URL Filtering License Change (40); 8300 Family of Series 3 FirePOWER Appliances (40); Dedicated AMP Appliances (41); Disk Manager Improvements (41); Malware Storage Packs (41); Sourcefire Software for X-Series (41); Virtual Appliance Initial Setup Improvements (42); Changed Functionality (42); For Assistance (43); Legal Notices (44)
Size: 273.8 KB; Pages: 45; Language: English
Release Notes
Contents: New and Updated Features and Functionality (2); Updates to Sourcefire Documentation (2); Before You Begin: Important Update and Compatibility Notes (3); Configuration and Event Backup Guidelines (3); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (4); Switching and Routing (4); Product Compatibility (4); Web Browser Compatibility (5); Screen Resolution Compatibility (5); Updating Your Appliances (6); Planning the Update (6); Sourcefire 3D System Version Requirements (6); Operating System Requirements (6); Time and Disk Space Requirements (7); Configuration and Event Backup Guidelines (7); When to Perform the Update (8); Installation Method (8); Order of Installation (8); Installing the Update on Clustered Devices (8); Installing the Update on Stacked Devices (8); Installing the Update on X-Series Devices (8); After the Installation (9); Updating Managed Devices and Sourcefire Software for X-Series (9); Uninstalling the Update (12); Planning the Uninstallation (12); Uninstallation Method (12); Order of Uninstallation (12); Uninstalling the Update from Clustered or Paired Appliances (12); Uninstalling the Update from Stacked Devices (13); Uninstalling the Update from Devices Deployed Inline (13); Uninstalling the Update from Sourcefire Software for X-Series (13); After the Uninstallation (13); Uninstalling the Update from a Managed Device (14); Uninstalling the Update from a Virtual Managed Device (15); Uninstalling the Update from Sourcefire Software for X-Series (16); Resolved Issues (17); Issues Resolved in Previous Updates (18); Version 5.3.0.5 (18); Version 5.3.0.4 (18); Version 5.3.0.3 (19); Version 5.3.0.1 (23); Version 5.3 (25); Known Issues (28); Known Issues Reported in Previous Releases (28); Features Introduced in Previous Versions (38); 5.3.0.x (38); 5.3 (38); File Capture and Storage (38); Dynamic Analysis, Threat Scores, and Summary Reports (39); Custom Detection (39); Spero Engine (40); SMB File Detection (40); AMP Cloud Connectivity (40); Host and Event Correlation IOC Style (Indications of Compromise) (40); Enhanced Security Intelligence Event Storage and Views (41); Simplified Intrusion Policy Variable Management (41); Geolocation and Access Control (41); URL Filtering License Change (42); 8300 Family of Series 3 FirePOWER Appliances (42); Dedicated AMP Appliances (42); Disk Manager Improvements (42); Malware Storage Packs (42); Sourcefire Software for X-Series (43); Virtual Appliance Initial Setup Improvements (43); Changed Functionality (43); For Assistance (45); Legal Notices (45)
Size: 292.6 KB; Pages: 46; Language: English
Release Notes
Contents: New and Updated Features and Functionality (2); Advanced Malware Protection Features (2); File Capture and Storage (2); Dynamic Analysis, Threat Scores, and Summary Reports (3); Custom Detection (3); Spero Engine (4); SMB File Detection (4); AMP Cloud Connectivity (4); Next-Generation Intrusion Prevention (NGIPS) Features (5); Host and Event Correlation IOC Style (Indications of Compromise) (5); Enhanced Security Intelligence Event Storage and Views (5); Simplified Intrusion Policy Variable Management (5); Next-Generation Firewall (NGFW) Features (6); Geolocation and Access Control (6); URL Filtering License Change (6); FirePOWER Appliance Features (6); 8300 Family of Series 3 FirePOWER Appliances (6); Dedicated AMP Appliances (7); Disk Manager Improvements (7); Malware Storage Packs (7); Platform Support Features (7); Sourcefire Software for X-Series (7); Virtual Appliance Initial Setup Improvements (8); Changed Functionality (8); Updates to Sourcefire Documentation (10); Before You Begin: Important Update and Compatibility Notes (10); Configuration and Event Backup Guidelines (11); Traffic Flow and Inspection During the Update (11); Traffic Inspection and Link State (12); Switching and Routing (12); Audit Logging During the Update (12); Product Compatibility (13); Web Browser Compatibility (13); Screen Resolution Compatibility (13); Returning to a Previous Version (13); Updating Your Appliances (13); Planning the Update (14); Sourcefire 3D System Version Requirements (14); Operating System Requirements (15); Time and Disk Space Requirements (15); Configuration and Event Backup Guidelines (16); When to Perform the Update (16); Installation Method (16); Order of Installation (17); Installing the Update on Paired Defense Centers (17); Installing the Update on Clustered Devices (17); Installing the Update on Stacked Devices (17); X-Series Devices (17); After the Installation (18); Updating a Defense Center (19); Updating Managed Devices (21); Using the Shell to Perform the Update (23); Issues Resolved in Version 5.3 (25); Known Issues (27); For Assistance (32); Legal Notices (32)
Size: 217.3 KB; Pages: 33; Language: English
Release Notes
Contents: Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (2); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (4); Screen Resolution Compatibility (4); Updating Your Appliances (4); Planning the Update (5); Sourcefire 3D System Version Requirements (5); Virtual Appliance Operating System Requirements (5); Time and Disk Space Requirements (5); Configuration and Event Backup Guidelines (6); When to Perform the Update (6); Installation Method (6); Order of Installation (7); Installing the Update on Paired Defense Centers (7); Installing the Update on Clustered Devices (7); Installing the Update on Stacked Devices (7); Installing the Update on Clustered Stacks (7); After the Installation (8); Updating a Defense Center (8); Updating Managed Devices (10); Uninstalling the Update (12); Planning the Uninstallation (13); Uninstallation Method (13); Order of Uninstallation (13); Uninstalling the Update from Clustered or Paired Appliances (13); Uninstalling the Update from Stacked Devices (13); Uninstalling the Update from Clustered Stacks (14); Uninstalling the Update from Devices Deployed Inline (14); After the Uninstallation (14); Uninstalling the Update from a Managed Device (14); Uninstalling the Update from a Virtual Managed Device (16); Uninstalling the Update from a Defense Center (16); Issues Resolved in Version 5.2.0.8 (18); Issues Resolved in Previous Updates (19); Version 5.2.0.7 (19); Version 5.2.0.6 (19); Version 5.2.0.5 (20); Version 5.2.0.4 (21); Version 5.2.0.3 (21); Version 5.2.0.2 (23); Version 5.2.0.1 (23); Version 5.2 (24); Known Issues (30); Known Issues Reported in Previous Releases (30); Features Introduced in Previous Versions (36); 5.2.x.x (36); 5.2 (36); Advanced Malware Protection (36); Malware Blocking (36); Network File Trajectory (37); Next-Generation Firewall (NGFW) (37); Clustered State Sharing (37); Gateway VPN (38); Policy-Based NAT (38); Clustered Stacking (39); Drop BPDUs Support (39); Series 2 Device Reimaging (40); Geolocation (40); Network Discovery (41); IPv6 Support (41); Sourcefire User Agent Logoff Detection (41); Access Control (41); Source Ports in Access Control Rules (41); ICMP Types and Codes in Access Control Rules (41); SSL Application Detection (42); URL Blocking based on SSL Common Name (42); Updates to API Support (42); eStreamer and Database Access Updates (42); Extended Rule Documentation (42); For Assistance (42); Legal Notices (43)
Size: 266.7 KB; Pages: 44; Language: English
Release Notes
Contents: Before You Begin: Important Update and Compatibility Notes (2); Configuration and Event Backup Guidelines (2); Traffic Flow and Inspection During the Update (3); Traffic Inspection and Link State (3); Network Traffic Management (4); Product Compatibility (4); Web Browser Compatibility (4); Screen Resolution Compatibility (4); Updating Your Appliances (4); Planning the Update (5); Sourcefire 3D System Version Requirements (5); Virtual Appliance Operating System Requirements (5); Time and Disk Space Requirements (5); Configuration and Event Backup Guidelines (6); When to Perform the Update (6); Installation Method (6); Order of Installation (6); Installing the Update on Clustered Devices (6); Installing the Update on Stacked Devices (7); Installing the Update on Clustered Stacks (7); After the Installation (7); Updating Managed Devices (7); Uninstalling the Update (9); Planning the Uninstallation (10); Uninstallation Method (10); Order of Uninstallation (10); Uninstalling the Update from Clustered or Paired Appliances (10); Uninstalling the Update from Stacked Devices (10); Uninstalling the Update from Clustered Stacks (11); Uninstalling the Update from Devices Deployed Inline (11); After the Uninstallation (11); Uninstalling the Update from a Managed Device (11); Issues Resolved in Version 5.2.0.9 (13); Issues Resolved in Previous Updates (13); Version 5.2.0.8 (13); Version 5.2.0.7 (14); Version 5.2.0.6 (14); Version 5.2.0.5 (15); Version 5.2.0.4 (16); Version 5.2.0.3 (16); Version 5.2.0.2 (18); Version 5.2.0.1 (18); Version 5.2 (19); Known Issues (25); Known Issues Reported in Previous Releases (25); Features Introduced in Previous Versions (31); 5.2.x.x (31); 5.2 (31); Advanced Malware Protection (31); Malware Blocking (31); Network File Trajectory (32); Next-Generation Firewall (NGFW) (32); Clustered State Sharing (32); Gateway VPN (33); Policy-Based NAT (34); Clustered Stacking (34); Drop BPDUs Support (35); Series 2 Device Reimaging (35); Geolocation (35); Network Discovery (36); IPv6 Support (36); Sourcefire User Agent Logoff Detection (36); Access Control (36); Source Ports in Access Control Rules (36); ICMP Types and Codes in Access Control Rules (37); SSL Application Detection (37); URL Blocking based on SSL Common Name (37); Updates to API Support (37); eStreamer and Database Access Updates (37); Extended Rule Documentation (37); For Assistance (37); Legal Notices (38)
Size: 245.5 KB; Pages: 39; Language: English
/ru/manuals/1704098/
Contents: Introduction (39); FireSIGHT System Appliances (40); Series 2 Appliances (41); Series 3 Appliances (42); Virtual Appliances (42); Sourcefire Software for X-Series (42); Cisco ASA with FirePOWER Services (43); Appliances Delivered with Version 5.3.1 (43); Supported Capabilities by Defense Center Model (44); Supported Capabilities by Managed Device Model (46); FireSIGHT System Components (47); Redundancy and Resource Sharing (48); Network Traffic Management (48); FireSIGHT (49); Access Control (49); Intrusion Detection and Prevention (50); File Tracking, Control, and Malware Protection (50); Application Programming Interfaces (51); Documentation Resources (52); Documentation Conventions (53); License Conventions (53); Supported Device and Defense Center Conventions (54); Access Conventions (54); IP Address Conventions (55); Logging into the FireSIGHT System (57); Logging into the Appliance (57); Logging into the Appliance to Set Up an Account (59); Logging Out of the Appliance (60); Using the Context Menu (61); Using Dashboards (63); Understanding Dashboard Widgets (66); Understanding Widget Availability (66); Understanding Widget Preferences (68); Understanding the Predefined Widgets (69); Understanding the Appliance Information Widget (69); Understanding the Appliance Status Widget (70); Understanding the Correlation Events Widget (71); Understanding the Current Interface Status Widget (72); Understanding the Current Sessions Widget (72); Understanding the Custom Analysis Widget (73); Configuring the Custom Analysis Widget (76); Viewing Associated Events from the Custom Analysis Widget (85); Custom Analysis Widget Limitations (87); Understanding the Disk Usage Widget (87); Understanding the Interface Traffic Widget (88); Understanding the Intrusion Events Widget (89); Understanding the Network Compliance Widget (90); Understanding the Product Licensing Widget (92); Understanding the Product Updates Widget (92); Understanding the RSS Feed Widget (93); Understanding the System Load Widget (94); Understanding the System Time Widget (95); Understanding the White List Events Widget (95); Working with Dashboards (96); Creating a Custom Dashboard (96); Viewing Dashboards (98); Modifying Dashboards (99); Changing Dashboard Properties (100); Adding Tabs (101); Deleting Tabs (101); Renaming Tabs (101); Adding Widgets (102); Rearranging Widgets (103); Minimizing and Maximizing Widgets (103); Deleting Widgets (103); Deleting a Dashboard (104); Using the Context Explorer (105); Understanding the Context Explorer (106); Understanding the Traffic and Intrusion Event Counts Time Graph (107); Understanding the Indications of Compromise Section (108); Viewing the Hosts by Indication Graph (108); Viewing the Indications by Host Graph (109); Understanding the Network Information Section (109); Viewing the Operating Systems Graph (110); Viewing the Traffic by Source IP Graph (110); Viewing the Traffic by Source User Graph (111); Viewing the Connections by Access Control Action Graph (112); Viewing the Traffic by Destination IP Graph (112); Viewing the Traffic by Ingress/Egress Security Zone Graph (113); Understanding the Application Information Section (114); Viewing the Traffic by Risk/Business Relevance and Application Graph (115); Viewing the Intrusion Events by Risk/Business Relevance and Application Graph (116); Viewing the Hosts by Risk/Business Relevance and Application Graph (117); Viewing the Application Details List (117); Understanding the Security Intelligence Section (118); Viewing the Security Intelligence Traffic by Category Graph (118); Viewing the Security Intelligence Traffic by Source IP Graph (119); Viewing the Security Intelligence Traffic by Destination IP Graph (119); Understanding the Intrusion Information Section (120); Viewing the Intrusion Events by Impact Graph (120); Viewing the Top Attackers Graph (121); Viewing the Top Users Graph (122); Viewing the Intrusion Events by Priority Graph (122); Viewing the Top Targets Graph (123); Viewing the Top Ingress/Egress Security Zones Graph (123); Viewing the Intrusion Event Details List (124); Understanding the Files Information Section (124); Viewing the Top File Types Graph (125); Viewing the Top File Names Graph (125); Viewing the Files by Disposition Graph (126); Viewing the Top Hosts Sending Files Graph (127); Viewing the Top Hosts Receiving Files Graph (128); Viewing the Top Malware Detections Graph (129); Understanding the Geolocation Information Section (130); Viewing the Connections by Initiator/Responder Country Graph (130); Viewing the Intrusion Events by Source/Destination Country Graph (131); Viewing the File Events by Sending/Receiving Country Graph (132); Understanding the URL Information Section (133); Viewing the Traffic by URL Graph (134); Viewing the Traffic by URL Category Graph (134); Viewing the Traffic by URL Reputation Graph (135); Refreshing the Context Explorer (136); Setting the Context Explorer Time Range (137); Minimizing and Maximizing Context Explorer Sections (137); Drilling Down on Context Explorer Data (138); Working with Filters in the Context Explorer (139); Adding and Applying Filters (139); Creating Filters with the Context Menu (143); Bookmarking Filters (144); Managing Reusable Objects (145); Using the Object Manager (145); Grouping Objects (146); Browsing, Sorting, and Filtering Objects (147); Working with Network Objects (147); Working with Security Intelligence Lists and Feeds (148); Working with the Global Whitelist and Blacklist (150); Working with the Intelligence Feed (152); Working with Custom Security Intelligence Feeds (152); Manually Updating Security Intelligence Feeds (153); Working with Custom Security Intelligence Lists (153); Updating a Security Intelligence List (154); Working with Port Objects (155); Working with VLAN Tag Objects (156); Working with URL Objects (157); Working with Application Filters (157); Working with Variable Sets (160); Optimizing Predefined Default Variables (161); Understanding Variable Sets (163); Managing Variable Sets (165); Managing Variables (166); Adding and Editing Variables (168); Working with Network Variables (171); Working with Port Variables (173); Resetting Variables (174); Linking Variable Sets to Intrusion Policies (174); Understanding Advanced Variables (175); Working with File Lists (176); Uploading Multiple SHA-256 Values to a File List (177); Uploading an Individual File to a File List (178); Adding a SHA-256 Value to the File List (179); Modifying Files on a File List (179); Downloading a Source File from a File List (180); Working with Security Zones (181); Working with Geolocation Objects (182); Managing Devices (185); Management Concepts (186); What Can Be Managed by a Defense Center? (186); Beyond Policies and Events (187); Using Redundant Defense Centers (187); Working in NAT Environments (187); Configuring High Availability (188); Using High Availability (189); Shared Configurations (190); Health and System Policies (191); Correlation Responses (191); Licenses (192); URL Filtering and Security Intelligence (192); Cloud Connections and Malware Information (192); User Agents (192); Guidelines for Implementing High Availability (192); Setting Up High Availability (193); Monitoring and Changing High Availability Status (195); Disabling High Availability and Unregistering Devices (196); Pausing Communication Between Paired Defense Centers (197); Restarting Communication Between Paired Defense Centers (197); Working with Devices (198); Understanding the Device Management Page (198); Adding Devices to the Defense Center (199); Applying Changes to Devices (201); Using the Device Management Revision Comparison Report (202); Deleting Devices (203); Configuring Remote Management (203); Editing Remote Management (205); Changing the Management Port (206); Managing Device Groups (206); Adding Device Groups (206); Editing Device Groups (207); Deleting Device Groups (208); Clustering Devices (208); Establishing Device Clusters (211); Editing Device Clusters (212); Configuring Individual Devices in a Cluster (213); Configuring Individual Device Stacks in a Cluster (213); Configuring Interfaces on a Clustered Device (214); Switching the Active Peer in a Cluster (215); Placing a Clustered Device into Maintenance Mode (215); Replacing a Device in a Clustered Stack (216); Establishing Clustered State Sharing (216); Troubleshooting Clustered State Sharing (218); Separating Clustered Devices (221); Managing Stacked Devices (221); Establishing Device Stacks (223); Editing Device Stacks (225); Configuring Individual Devices in a Stack (225); Configuring Interfaces on a Stacked Device (226); Separating Stacked Devices (226); Editing Device Configuration (227); Editing Assigned Device Names (227); Enabling and Disabling Device Licenses (228); Editing Device System Settings (229); Viewing the Health of a Device (230); Editing Device Management Settings (230); Understanding Advanced Device Settings (232); Automatic Application
Bypass232Editing Advanced Device Settings233Configuring Fast-Path Rules234Adding IPv4 Fast-Path Rules234Adding IPv6 Fast-Path Rules236Deleting Fast-Path Rules237Configuring Interfaces238Configuring the Management Interface240Configuring HA Link Interfaces241Configuring the Interface MTU242Managing Cisco ASA with FirePOWER Services Interfaces242Disabling Interfaces243Preventing Duplicate Connection Logging244Setting Up an IPS Device245Understanding Passive IPS Deployments245Configuring Passive Interfaces245Understanding Inline IPS Deployments247Configuring Inline Interfaces247Configuring Inline Sets248Viewing Inline Sets248Adding Inline Sets249Configuring Advanced Inline Set Options251Removing Bypass Mode on Fiber Inline Sets Configured to Fail Open253Deleting Inline Sets254Configuring Sourcefire Software for X-Series Interfaces254Setting Up Virtual Switches257Configuring Switched Interfaces257Configuring Physical Switched Interfaces258Adding Logical Switched Interfaces259Deleting Logical Switched Interfaces260Configuring Virtual Switches261Viewing Virtual Switches261Adding Virtual Switches262Configuring Advanced Virtual Switch Settings263Deleting Virtual Switches265Setting Up Virtual Routers267Configuring Routed Interfaces267Configuring Physical Routed Interfaces268Adding Logical Routed Interfaces270Deleting Logical Routed Interfaces272Configuring SFRP273Configuring Virtual Routers274Viewing Virtual Routers274Adding Virtual Routers275Setting Up DHCP Relay276Setting Up DHCPv4 Relay277Setting Up DHCPv6 Relay278Setting Up Static Routes278Understanding the Static Routes Table View279Adding Static Routes279Setting Up Dynamic Routing280Setting Up RIP Configuration281Adding Interfaces for RIP Configuration281Configuring Authentication Settings for RIP Configuration282Configuring Advanced Settings for RIP Configuration283Adding Import Filters for RIP Configuration284Adding Export Filters for RIP Configuration285Setting Up OSPF Configuration286Setting Up OSPF Routing 
Areas286Adding OSPF Areas286Adding OSPF Area Interfaces288Adding OSPF Area Vlinks290Adding Import Filters for OSPF Configuration292Adding Export Filters for OSPF Configuration293Setting Up Virtual Router Filters294Adding Virtual Router Authentication Profiles296Viewing Virtual Router Statistics297Deleting Virtual Routers297Setting Up Hybrid Interfaces299Adding Logical Hybrid Interfaces299Deleting Logical Hybrid Interfaces301Using Gateway VPNs303Understanding IPSec303Understanding IKE304Understanding VPN Deployments304Understanding Point-to-Point VPN Deployments304Understanding Star VPN Deployments305Understanding Mesh VPN Deployments306Managing VPN Deployments307Configuring VPN Deployments308Configuring Point-to-Point VPN Deployments308Configuring Star VPN Deployments311Configuring Mesh VPN Deployments313Configuring Advanced VPN Deployment Settings315Applying a VPN Deployment316Viewing VPN Deployment Status317Viewing VPN Statistics and Logs318Using the VPN Deployment Comparison View319Using NAT Policies321Planning and Implementing a NAT Policy322Configuring NAT Policies322Managing NAT Policy Targets323Organizing Rules in a NAT Policy325Working with NAT Rule Warnings and Errors326Managing NAT Policies327Creating a NAT Policy328Editing a NAT Policy329Copying a NAT Policy330Viewing a NAT Policy Report330Comparing Two NAT Policies331Using the NAT Policy Comparison View332Using the NAT Policy Comparison Report332Applying a NAT Policy333Applying a Complete NAT Policy334Applying Selected Policy Configurations335Creating and Editing NAT Rules335Understanding NAT Rule Types337Understanding NAT Rule Conditions and Condition Mechanics339Understanding NAT Rule Conditions339Adding Conditions to NAT Rules340Searching NAT Rule Condition Lists342Adding Literal Conditions to NAT Rules343Using Objects in NAT Rule Conditions343Working with Different Types of Conditions in NAT Rules343Adding Zone Conditions to NAT Rules344Adding Source Network Conditions to Dynamic NAT Rules345Adding 
Destination Network Conditions to NAT Rules347Adding Port Conditions to NAT Rules348Using Access Control Policies351Configuring Policies353Setting the Default Action354Logging Connections for the Default Action357Using Custom User Roles with Access Control Policies358Managing Policy Targets359Adding an HTTP Response Page360Filtering Traffic Based on Security Intelligence Data362Building the Security Intelligence Whitelist and Blacklist364Searching for Objects to Whitelist or Blacklist366Creating Objects to Whitelist or Blacklist366Logging Blacklisted Connections367Configuring Advanced Access Control Policy Settings368Organizing Rules in a Policy372Working with Rule Categories373Searching for Rules374Filtering Rules by Device375Working with Warnings and Errors376Understanding Invalid Configurations376Understanding Rule Pre-emption377Managing Access Control Policies377Creating an Access Control Policy378Editing an Access Control Policy379Copying an Access Control Policy380Viewing an Access Control Policy Report380Comparing Two Access Control Policies382Using the Access Control Policy Comparison View382Using the Access Control Policy Comparison Report383Applying an Access Control Policy384Applying a Complete Policy385Applying Selected Policy Configurations386Understanding and Writing Access Control Rules389Creating and Editing Access Control Rules390Understanding Rule Actions393Understanding Rule Conditions and Condition Mechanics396Understanding Rule Conditions397Adding Rule Conditions399Searching Condition Lists402Adding Literal Conditions402Using Objects in Conditions403Working with Different Types of Conditions403Adding Zone Conditions404Adding Network Conditions405Adding Geolocation Conditions406Adding VLAN Tag Conditions408Adding User Conditions409Working with Application Conditions410Understanding Application Condition Lists411Adding Application Conditions412Adding Port Conditions414Adding URL Conditions415Performing File and Intrusion Inspection on Allowed 
Traffic419Logging Connection, File, and Malware Information422Adding Comments to a Rule427Configuring External Alerting429Working with Alert Responses430Creating an Email Alert Response431Creating an SNMP Alert Response432Creating a Syslog Alert Response433Modifying an Alert Response435Deleting an Alert Response435Enabling and Disabling Alert Responses436Configuring Impact Flag Alerting436Configuring Discovery Event Alerting437Configuring Advanced Malware Protection Alerting437Working with Connection & Security Intelligence Data439Understanding Connection Data440Understanding Connection Summaries441Long-Running Connections442Combined Connection Summaries from External Responders442Connection and Security Intelligence Data Fields442Information Available in Connection and Security Intelligence Events448Uses for Connection Data in the FireSIGHT System451Viewing Connection and Security Intelligence Data451Working with Connection Graphs452Changing the Graph Type454Selecting Datasets456Viewing Information About Aggregated Connection Data458Manipulating a Connection Graph on a Workflow Page459Drilling Down Through Connection Data Graphs460Recentering and Zooming on Line Graphs460Selecting Data to Graph461Detaching Connection Graphs462Exporting Connection Data462Working with Connection and Security Intelligence Data Tables463Working with Events Associated with Monitor Rules464Viewing Files Detected in a Connection465Viewing Intrusion Events Associated with a Connection466Searching for Connection and Security Intelligence Data466Viewing the Connection Summary Page469Introduction to Intrusion Prevention471Understanding How Traffic Is Analyzed472Capturing and Decoding Packets473Processing Packets474Generating Events475Analyzing Intrusion Event Data476Using Intrusion Event Responses477Understanding Intrusion Prevention Deployments477The Benefits of Custom Intrusion Policies479Working with Intrusion Events481Viewing Intrusion Event Statistics482Host Statistics483Event 
Overview483Event Statistics484Viewing Intrusion Event Performance484Generating Intrusion Event Performance Statistics Graphs485Viewing Intrusion Event Graphs486Viewing Intrusion Events486Understanding Intrusion Events487Viewing Connection Data Associated with Intrusion Events492Reviewing Intrusion Events493Understanding Workflow Pages for Intrusion Events494Using Drill-Down and Table View Pages495Using the Packet View499Viewing Event Information501Using Packet View Actions504Setting Threshold Options within the Packet View505Setting Suppression Options within the Packet View506Viewing Frame Information507Viewing Data Link Layer Information508Viewing Network Layer Information508Viewing IPv4 Network Layer Information509Viewing IPv6 Network Layer Information510Viewing Transport Layer Information511TCP Packet View511UDP Packet View512ICMP Packet View512Viewing Packet Byte Information513Using Impact Levels to Evaluate Events513Searching for Intrusion Events515Using the Clipboard521Generating Clipboard Reports521Deleting Events from the Clipboard522Handling Incidents523Incident Handling Basics523Definition of an Incident523Common Incident Handling Processes524Incident Types in the FireSIGHT System526Creating an Incident527Editing an Incident527Generating Incident Reports528Creating Custom Incident Types529Configuring Intrusion Policies531Planning and Implementing an Intrusion Policy532Managing Intrusion Policies533Creating an Intrusion Policy535Editing an Intrusion Policy536Using the Navigation Panel538Committing Intrusion Policy Changes538Reapplying an Intrusion Policy539Viewing an Intrusion Policy Report540Comparing Two Intrusion Policies541Using the Intrusion Policy Comparison View542Using the Intrusion Policy Comparison Report543Setting Drop Behavior in an Inline Deployment544Understanding the Base Policy546Using Default Intrusion Policies546Using a Custom Base Policy547Allowing Rule Updates to Modify the Base Policy548Selecting the Base Policy548Accepting Rule 
Setting Changes from a Custom Base Policy550Managing Rules in an Intrusion Policy551Understanding Intrusion Prevention Rule Types552Viewing Rules in an Intrusion Policy553Sorting the Rule Display554Viewing Rule Details555Setting a Threshold for a Rule556Setting Suppression for a Rule557Setting a Dynamic Rule State for a Rule558Setting an SNMP Alert for a Rule559Adding a Rule Comment for a Rule559Filtering Rules in an Intrusion Policy560Understanding Rule Filtering in an Intrusion Policy560Guidelines for Constructing Intrusion Policy Rule Filters560Understanding Rule Configuration Filters563Understanding Rule Content Filters565Understanding Rule Categories567Editing a Rule Filter Directly567Setting a Rule Filter in an Intrusion Policy568Setting Rule States570Filtering Intrusion Event Notification Per Policy572Configuring Event Thresholding572Understanding Event Thresholding572Adding and Modifying Intrusion Event Thresholds574Viewing and Deleting Intrusion Event Thresholds575Configuring Suppression Per Intrusion Policy576Suppressing Intrusion Events577Viewing and Deleting Suppression Conditions578Adding Dynamic Rule States579Understanding Dynamic Rule States579Setting a Dynamic Rule State580Adding Alerts582Adding SNMP Alerts582Adding Rule Comments583Managing FireSIGHT Rule State Recommendations584Understanding Basic Rule State Recommendations585Understanding Advanced Rule State Recommendations586Understanding the Networks to Examine586Understanding Rule Overhead587Using FireSIGHT Recommendations587Using Advanced Settings in an Intrusion Policy591Modifying Advanced Settings591Understanding Preprocessors595Meeting Traffic Challenges with Preprocessors596Understanding Preprocessor Execution Order597Reading Preprocessor Events598Understanding the Preprocessor Event Packet Display598Reading Preprocessor Generator IDs598Automatically Enabling Advanced Settings600Understanding Troubleshooting Options603Using Layers in an Intrusion Policy605Understanding Intrusion Policy 
Layers605Sharing Layers606Using Rules in Layers607Removing Multi-Layer Rule Settings609Using the FireSIGHT Recommendations Layer610Using Layers with Advanced Settings611Configuring User Layers613Using Performance Settings in an Intrusion Policy617Event Queue Configuration617Understanding Packet Latency Thresholding618Setting Packet Latency Thresholding Options620Configuring Packet Latency Thresholding620Understanding Rule Latency Thresholding621Setting Rule Latency Thresholding Options623Configuring Rule Latency Thresholding624Performance Statistics Configuration625Constraining Regular Expressions626Rule Processing Configuration628Using Application Layer Preprocessors631Decoding DCE/RPC Traffic632Selecting Global DCE/RPC Options633Understanding Target-Based DCE/RPC Server Policies634Understanding DCE/RPC Transports635Understanding Connectionless and Connection-Oriented DCE/RPC Traffic636Understanding the RPC over HTTP Transport637Selecting DCE/RPC Target-Based Policy Options638Configuring the DCE/RPC Preprocessor641Detecting Exploits in DNS Name Server Responses644Understanding DNS Preprocessor Resource Record Inspection644Detecting Overflow Attempts in RData Text Fields645Detecting Obsolete DNS Resource Record Types646Detecting Experimental DNS Resource Record Types646Configuring the DNS Preprocessor647Decoding FTP and Telnet Traffic648Understanding Global FTP and Telnet Options648Configuring Global FTP/Telnet Options649Understanding Telnet Options650Configuring Telnet Options651Understanding Server-Level FTP Options652Creating FTP Command Parameter Validation Statements654Configuring Server-Level FTP Options655Understanding Client-Level FTP Options657Configuring Client-Level FTP Options658Decoding HTTP Traffic660Selecting Global HTTP Normalization Options661Configuring Global HTTP Configuration Options662Selecting Server-Level HTTP Normalization Options663Selecting Server-Level HTTP Normalization Encoding Options669Configuring HTTP Server Options672Enabling 
Additional HTTP Inspect Preprocessor Rules674Using the Sun RPC Preprocessor674Configuring the Sun RPC Preprocessor675Decoding the Session Initiation Protocol676Selecting SIP Preprocessor Options677Configuring the SIP Preprocessor679Enabling Additional SIP Preprocessor Rules680Configuring the GTP Command Channel681Decoding IMAP Traffic682Selecting IMAP Preprocessor Options683Configuring the IMAP Preprocessor684Enabling Additional IMAP Preprocessor Rules685Decoding POP Traffic686Selecting POP Preprocessor Options686Configuring the POP Preprocessor687Enabling Additional POP Preprocessor Rules688Decoding SMTP Traffic689Understanding SMTP Decoding689Configuring SMTP Decoding694Enabling SMTP Maximum Decoding Memory Alerting696Detecting Exploits Using the SSH Preprocessor696Selecting SSH Preprocessor Options697Configuring the SSH Preprocessor699Using the SSL Preprocessor700Understanding SSL Preprocessing701Enabling SSL Preprocessor Rules702Configuring the SSL Preprocessor702Working with SCADA Preprocessors704Configuring the Modbus Preprocessor704Configuring the DNP3 Preprocessor705Using Transport & Network Layer Preprocessors709Verifying Checksums709Ignoring VLAN Headers710Normalizing Inline Traffic712Understanding Protocol Normalization712IPv4 Normalization713IPv6 Normalization713ICMPv4 and ICMPv6 Normalization713TCP Normalization713Configuring Inline Normalization715Defragmenting IP Packets719Understanding IP Fragmentation Exploits719Target-Based Defragmentation Policies720Selecting Defragmentation Options721Configuring IP Defragmentation722Understanding Packet Decoding723Configuring Packet Decoding726Using TCP Stream Preprocessing727Understanding State-Related TCP Exploits728Initiating Active Responses with Drop Rules729Selecting TCP Global Options729Understanding Target-Based TCP Policies730Selecting TCP Policy Options731Reassembling TCP Streams734Understanding Stream-Based Attacks735Selecting Stream Reassembly Options735Configuring TCP Stream Preprocessing737Using 
UDP Stream Preprocessing739Configuring UDP Stream Preprocessing739Using the FireSIGHT System as a Compliance Tool741Understanding Compliance White Lists742Understanding White List Targets743Understanding White List Host Profiles744Understanding the Global Host Profile744Understanding Host Profiles for Specific Operating Systems744Understanding Shared Host Profiles745Understanding White List Evaluations745Understanding White List Violations746Creating Compliance White Lists747Surveying Your Network749Providing Basic White List Information750Configuring Compliance White List Targets750Modifying Existing Targets752Deleting Existing Targets752Configuring Compliance White List Host Profiles753Configuring the Global Host Profile753Creating Host Profiles for Specific Operating Systems754Adding an Application Protocol to a Host Profile755Adding a Client to a Host Profile756Adding a Web Application to a Host Profile757Adding a Protocol to a Host Profile757Adding a Shared Host Profile to a Compliance White List758Modifying Existing Host Profiles759Deleting Existing Host Profiles762Managing Compliance White Lists762Modifying a Compliance White List763Deleting a Compliance White List763Working with Shared Host Profiles763Creating Shared Host Profiles764Modifying a Shared Host Profile765Deleting a Shared Host Profile767Resetting Built-In Host Profiles to Their Factory Defaults768Working with White List Events768Viewing White List Events769Understanding the White List Events Table770Searching for Compliance White List Events771Working with White List Violations773Viewing White List Violations773Understanding the White List Violations Table775Searching for White List Violations776Detecting Specific Threats779Detecting Back Orifice779Detecting Portscans780Configuring Portscan Detection783Understanding Portscan Events785Preventing Rate-Based Attacks787Understanding Rate-Based Attack Prevention787Preventing SYN Attacks789Controlling Simultaneous Connections790Rate-Based Attack 
Prevention and Other Filters790Rate-Based Attack Prevention and Detection Filtering790Dynamic Rule States and Thresholding or Suppression791Policy-Wide Rate-Based Detection and Thresholding or Suppression793Rate-Based Detection with Multiple Filtering Methods794Configuring Rate-Based Attack Prevention795Detecting Sensitive Data797Deploying Sensitive Data Detection798Selecting Global Sensitive Data Detection Options798Selecting Individual Data Type Options799Using Predefined Data Types800Configuring Sensitive Data Detection801Selecting Application Protocols to Monitor803Special Case: Detecting Sensitive Data in FTP Traffic804Using Custom Data Types805Defining Data Patterns in Custom Data Types805Configuring Custom Data Types807Editing Custom Data Type Names and Detection Patterns808Using Adaptive Profiles811Understanding Adaptive Profiles811Using Adaptive Profiles with Preprocessors812Adaptive Profiles and FireSIGHT Recommended Rules812Configuring Adaptive Profiles813Using Global Rule Thresholding815Understanding Thresholding815Understanding Thresholding Options816Configuring Global Thresholds817Disabling the Global Threshold818Configuring External Alerting for Intrusion Rules821Using SNMP Responses821Configuring SNMP Responses823Using Syslog Responses824Configuring Syslog Responses826Understanding Email Alerting826Configuring Email Alerting828Understanding and Writing Intrusion Rules831Understanding Rule Anatomy832Understanding Rule Headers832Specifying Rule Actions834Specifying Protocols834Specifying IP Addresses In Intrusion Rules835Specifying Any IP Address836Specifying Multiple IP Addresses836Specifying Network Objects837Excluding IP Addresses in Intrusion Rules837Defining Ports in Intrusion Rules838Specifying Direction839Understanding Keywords and Arguments in Rules839Defining Intrusion Event Details841Defining the Event Message841Defining the Event Priority841Defining the Intrusion Event Classification842Defining the Event Reference844Searching for Content 
Matches844Constraining Content Matches845Case Insensitive846Raw Data846Not846Search Location Options847HTTP Content Options849Use Fast Pattern Matcher852Replacing Content in Inline Deployments855Using Byte_Jump and Byte_Test856byte_jump856byte_test859Searching for Content Using PCRE861Perl-Compatible Regular Expression Basics862PCRE Modifier Options863Example PCRE Keyword Values866Adding Metadata to a Rule867Inspecting IP Header Values871Inspecting Fragments and Reserved Bits872Inspecting the IP Header Identification Value872Identifying Specified IP Options872Identifying Specified IP Protocol Numbers873Inspecting a Packet’s Type of Service873Inspecting a Packet’s Time-To-Live Value873Inspecting ICMP Header Values874Identifying Static ICMP ID and Sequence Values874Inspecting the ICMP Message Type875Inspecting the ICMP Message Code875Inspecting TCP Header Values and Stream Size876Inspecting the TCP Acknowledgement Value876Inspecting TCP Flag Combinations876Applying Rules to a TCP or UDP Client or Server Flow877Identifying Static TCP Sequence Numbers878Identifying TCP Windows of a Given Size879Identifying TCP Streams of a Given Size879Enabling and Disabling TCP Stream Reassembly880Extracting SSL Information from a Session881ssl_state881ssl_version882Inspecting Application Layer Protocol Values883RPC883ASN.1883urilen884DCE/RPC Keywords885dce_iface887dce_opnum888dce_stub_data888SIP Keywords889sip_header889sip_body889sip_method890sip_stat_code890GTP Keywords891gtp_version891gtp_type892gtp_info896Modbus Keywords901modbus_data902modbus_func902modbus_unit903DNP3 Keywords903dnp3_data904dnp3_func904dnp3_ind905dnp3_obj906Inspecting Packet Characteristics907dsize907isdataat907sameip908fragoffset908cvs909Reading Packet Data into Keyword Arguments909Initiating Active Responses with Rule Keywords912Initiating Active Responses by Type and Direction913Sending an HTML Page Before a TCP Reset914Setting the Active Response Reset Attempts and Interface915Filtering Events916Evaluating 
Post-Attack Traffic917Detecting Attacks That Span Multiple Packets918Generating Events on the HTTP Encoding Type and Location923Pointing to a Specific Payload Type925Pointing to the Beginning of the Packet Payload926Decoding and Inspecting Base64 Data926base64_decode927base64_data928Constructing a Rule928Writing New Rules928Modifying Existing Rules930Adding Comments to Rules931Deleting Custom Rules932Searching for Rules933Filtering Rules on the Rule Editor Page935Using Keywords in a Rule Filter935Using Character Strings in a Rule Filter936Combining Keywords and Character Strings in a Rule Filter937Filtering Rules937Blocking Malware and Prohibited Files939Understanding Malware Protection and File Control940Configuring Malware Protection and File Control943Logging Events Based on Malware Protection and File Control944Integrating FireAMP with the FireSIGHT System944Network-Based AMP vs Endpoint-Based FireAMP945Understanding and Creating File Policies947Creating a File Policy955Working with File Rules956Configuring Advanced File Policy Options958Comparing Two File Policies959Working with Cloud Connections for FireAMP960Creating a Cisco Cloud Connection960Deleting or Disabling a Cloud Connection961Analyzing Malware and File Activity963Working with File Storage964Understanding Captured File Storage965Downloading Stored Files to Another Location966Working with Dynamic Analysis966Understanding Spero Analysis967Submitting Files for Dynamic Analysis968Reviewing the Threat Score and Dynamic Analysis Summary968Working with File Events969Viewing File Events969Understanding the File Events Table971Searching for File Events973Working with Malware Events975Viewing Malware Events977Understanding the Malware Events Table978Malware Event Types982Searching for Malware Events983Working with Captured Files985Viewing Captured Files986Understanding the Captured Files Table987Searching for Captured Files988Working with Network File Trajectory990Reviewing Network File Trajectory990Accessing 
Network File Trajectory991Analyzing Network File Trajectory992Summary Information992Trajectory Map994Events Table997Introduction to Network Discovery999Understanding Discovery Data Collection999Understanding Host Data Collection1000Understanding User Data Collection1001Managed Devices1002User Agents1003Defense Center-LDAP Server Connections1005Users Database1005User Activity Database1006Access-Controlled Users Database1006User Data Collection Limitations1007Understanding Application Detection1008Understanding the Application Protocol Detection Process1010Implied Application Protocol Detection from Client Detection1011Host Limits and Discovery Event Logging1012Special Considerations for Application Protocol Detection: Squid1012Special Considerations: SSL Application Detection1012Special Considerations: Referred Web Applications1013Importing Third-Party Discovery Data1013Uses for Discovery Data1014Understanding NetFlow1014Differences Between NetFlow and FireSIGHT Data1015Preparing to Analyze NetFlow Data1017Understanding Indications of Compromise1018Understanding Indications of Compromise Types1018Endpoint-Based Malware Event IOC Types1018Intrusion Event IOC Types1019Security Intelligence Event IOC Types1020Viewing and Editing Indications of Compromise Data1020Creating a Network Discovery Policy1020Working with Discovery Rules1021Understanding Device Selection1022Understanding Actions and Discovered Assets1023Understanding Monitored Networks1023Understanding Zones in Network Discovery Policies1024Understanding Port Exclusions1024Adding a Discovery Rule1024Creating Network Objects1026Creating Port Objects1027Restricting User Logging1028Configuring Advanced Network Discovery Options1029Configuring General Settings1029Configuring Identity Conflict Resolution1030Enabling Vulnerability Impact Assessment Mappings1031Setting Indications of Compromise Rules1032Adding NetFlow-Enabled Devices1032Configuring Data Storage1033Configuring Discovery Event Logging1034Adding Identity 
Sources (p. 1035)
Applying the Network Discovery Policy (p. 1036)
Obtaining User Data from LDAP Servers (p. 1037)
Creating LDAP Connections with the Defense Center (p. 1037)
Preparing to Connect to an LDAP Server (p. 1038)
Creating an LDAP Connection for User Control (p. 1039)
Enabling and Disabling User Awareness LDAP Connections (p. 1042)
Performing an On-Demand User Data Retrieval for Access Control (p. 1043)
Configuring Defense Center-User Agent Connections (p. 1043)
Configuring the Defense Center to Connect to a User Agent (p. 1044)
Installing a User Agent (p. 1045)
Configuring User and Security Permissions (p. 1046)
Configuring a User Agent (p. 1046)
Using the Network Map (p. 1049)
Understanding the Network Map (p. 1049)
Working with the Hosts Network Map (p. 1050)
Working with the Network Devices Network Map (p. 1051)
Working with the Indications of Compromise Network Map (p. 1052)
Working with the Mobile Devices Network Map (p. 1053)
Working with the Applications Network Map (p. 1054)
Working with the Vulnerabilities Network Map (p. 1055)
Working with the Host Attributes Network Map (p. 1057)
Working with Custom Network Topologies (p. 1058)
Creating Custom Topologies (p. 1059)
Providing Basic Topology Information (p. 1060)
Importing a Discovered Topology (p. 1060)
Importing Networks from a Network Discovery Policy (p. 1061)
Manually Adding Networks to Your Custom Topology (p. 1061)
Managing Custom Topologies (p. 1062)
Using Host Profiles (p. 1065)
Viewing Host Profiles (p. 1068)
Working with Basic Host Information in the Host Profile (p. 1069)
Working with IP Addresses in the Host Profile (p. 1070)
Working with Indications of Compromise in the Host Profile (p. 1071)
Editing Indication of Compromise Rule States for a Single Host (p. 1072)
Viewing Source Events for Indications of Compromise (p. 1072)
Resolving Indications of Compromise (p. 1073)
Working with Operating Systems in the Host Profile (p. 1073)
Viewing Operating System Identities (p. 1075)
Editing an Operating System (p. 1076)
Resolving Operating System Identity Conflicts (p. 1077)
Working with Servers in the Host Profile (p. 1078)
Server Detail (p. 1079)
Editing Server Identities (p. 1081)
Resolving Server Identity Conflicts (p. 1082)
Working with Applications in the Host Profile (p. 1082)
Viewing Applications in the Host Profile (p. 1083)
Deleting Applications from the Host Profile (p. 1084)
Working with VLAN Tags in the Host Profile (p. 1084)
Working with User History in the Host Profile (p. 1085)
Working with Host Attributes in the Host Profile (p. 1085)
Assigning Host Attribute Values (p. 1085)
Working with Host Protocols in the Host Profile (p. 1086)
Working with White List Violations in the Host Profile (p. 1086)
Creating a White List Host Profile from a Host Profile (p. 1087)
Working with Malware Detections in the Host Profile (p. 1088)
Working with Vulnerabilities in the Host Profile (p. 1088)
Viewing Vulnerability Details (p. 1090)
Setting the Vulnerability Impact Qualification (p. 1091)
Downloading Patches for Vulnerabilities (p. 1092)
Setting Vulnerabilities for Individual Hosts (p. 1093)
Working with the Predefined Host Attributes (p. 1093)
Working with User-Defined Host Attributes (p. 1094)
Creating User-Defined Host Attributes (p. 1095)
Creating Integer Host Attributes (p. 1096)
Creating List Host Attributes (p. 1096)
Editing a User-Defined Host Attribute (p. 1097)
Deleting a User-Defined Host Attribute (p. 1097)
Working with Scan Results in a Host Profile (p. 1098)
Scanning a Host from the Host Profile (p. 1098)
Working with Discovery Events (p. 1099)
Viewing Discovery Event Statistics (p. 1100)
Statistics Summary (p. 1101)
Event Breakdown (p. 1102)
Protocol Breakdown (p. 1102)
Application Protocol Breakdown (p. 1102)
OS Breakdown (p. 1103)
Viewing Discovery Performance Graphs (p. 1103)
Understanding Discovery Event Workflows (p. 1104)
Working with Discovery and Host Input Events (p. 1106)
Understanding Discovery Event Types (p. 1107)
Understanding Host Input Event Types (p. 1111)
Viewing Discovery and Host Input Events (p. 1112)
Understanding the Discovery Events Table (p. 1113)
Searching for Discovery Events (p. 1114)
Working with Hosts (p. 1116)
Viewing Hosts (p. 1116)
Understanding the Hosts Table (p. 1117)
Creating a Traffic Profile for Selected Hosts (p. 1120)
Creating a Compliance White List Based on Selected Hosts (p. 1121)
Searching for Hosts (p. 1121)
Working with Host Attributes (p. 1124)
Viewing Host Attributes (p. 1124)
Understanding the Host Attributes Table (p. 1125)
Setting Host Attributes for Selected Hosts (p. 1126)
Searching for Host Attributes (p. 1127)
Working with Indications of Compromise (p. 1128)
Viewing Indications of Compromise (p. 1129)
Understanding the Indications of Compromise Table (p. 1129)
Searching for Indications of Compromise (p. 1130)
Working with Servers (p. 1131)
Viewing Servers (p. 1132)
Understanding the Servers Table (p. 1133)
Searching for Servers (p. 1135)
Working with Applications (p. 1136)
Viewing Applications (p. 1137)
Understanding the Applications Table (p. 1138)
Searching for Applications (p. 1139)
Working with Application Details (p. 1140)
Viewing Application Details (p. 1141)
Understanding the Application Detail Table (p. 1141)
Searching for Application Details (p. 1143)
Working with Vulnerabilities (p. 1144)
Viewing Vulnerabilities (p. 1145)
Understanding the Vulnerabilities Table (p. 1146)
Deactivating Vulnerabilities (p. 1147)
Searching for Vulnerabilities (p. 1148)
Working with Third-Party Vulnerabilities (p. 1149)
Viewing Third-Party Vulnerabilities (p. 1150)
Understanding the Third-Party Vulnerabilities Table (p. 1150)
Searching for Third-Party Vulnerabilities (p. 1151)
Working with Users (p. 1153)
Viewing Users (p. 1154)
Understanding the Users Table (p. 1154)
Understanding User Details and Host History (p. 1156)
Searching for Users (p. 1157)
Working with User Activity (p. 1158)
Viewing User Activity Events (p. 1159)
Understanding the User Activity Table (p. 1160)
Searching for User Activity (p. 1161)
Configuring Correlation Policies and Rules (p. 1163)
Creating Rules for Correlation Policies (p. 1164)
Providing Basic Rule Information (p. 1167)
Specifying Correlation Rule Trigger Criteria (p. 1167)
Syntax for Intrusion Events (p. 1169)
Syntax for Malware Events (p. 1171)
Syntax for Discovery Events (p. 1172)
Syntax for User Activity Events (p. 1174)
Syntax for Host Input Events (p. 1174)
Syntax for Connection Events (p. 1175)
Syntax for Traffic Profile Changes (p. 1177)
Adding a Host Profile Qualification (p. 1179)
Syntax for Host Profile Qualifications (p. 1180)
Constraining Correlation Rules Using Connection Data Over Time (p. 1182)
Adding a Connection Tracker (p. 1183)
Syntax for Connection Trackers (p. 1184)
Syntax for Connection Tracker Events (p. 1187)
Example: Excessive Connections From External Hosts (p. 1187)
Example: Excessive BitTorrent Data Transfers (p. 1189)
Adding a User Qualification (p. 1192)
Syntax for User Qualifications (p. 1193)
Adding Snooze and Inactive Periods (p. 1193)
Understanding Rule Building Mechanics (p. 1195)
Building a Single Condition (p. 1196)
Adding and Linking Conditions (p. 1198)
Using Multiple Values in a Condition (p. 1201)
Managing Rules for Correlation Policies (p. 1202)
Modifying a Rule (p. 1202)
Deleting a Rule (p. 1202)
Creating a Rule Group (p. 1203)
Grouping Correlation Responses (p. 1203)
Creating a Response Group (p. 1204)
Modifying a Response Group (p. 1205)
Deleting a Response Group (p. 1205)
Activating and Deactivating Response Groups (p. 1205)
Creating Correlation Policies (p. 1206)
Providing Basic Policy Information (p. 1207)
Adding Rules and White Lists to a Correlation Policy (p. 1207)
Setting Rule and White List Priorities (p. 1208)
Adding Responses to Rules and White Lists (p. 1209)
Managing Correlation Policies (p. 1210)
Activating and Deactivating Correlation Policies (p. 1211)
Editing a Correlation Policy (p. 1211)
Deleting a Correlation Policy (p. 1211)
Working with Correlation Events (p. 1212)
Viewing Correlation Events (p. 1212)
Understanding the Correlation Events Table (p. 1214)
Searching for Correlation Events (p. 1215)
Creating Traffic Profiles (p. 1219)
Providing Basic Profile Information (p. 1221)
Specifying Traffic Profile Conditions (p. 1221)
Syntax for Traffic Profile Conditions (p. 1222)
Adding a Host Profile Qualification (p. 1223)
Syntax for Host Profile Qualifications (p. 1224)
Setting Profile Options (p. 1225)
Saving a Traffic Profile (p. 1226)
Activating and Deactivating Traffic Profiles (p. 1226)
Editing a Traffic Profile (p. 1227)
Understanding Condition-Building Mechanics (p. 1227)
Building a Single Condition (p. 1229)
Adding and Linking Conditions (p. 1231)
Using Multiple Values in a Condition (p. 1234)
Viewing Traffic Profiles (p. 1234)
Configuring Remediations (p. 1237)
Creating Remediations (p. 1237)
Configuring Remediations for Cisco IOS Routers (p. 1239)
Adding a Cisco IOS Instance (p. 1240)
Cisco IOS Block Destination Remediations (p. 1241)
Cisco IOS Block Destination Network Remediations (p. 1241)
Cisco IOS Block Source Remediations (p. 1242)
Cisco IOS Block Source Network Remediations (p. 1243)
Configuring Remediations for Cisco PIX Firewalls (p. 1244)
Adding a Cisco PIX Instance (p. 1245)
Cisco PIX Block Destination Remediations (p. 1246)
Cisco PIX Block Source Remediations (p. 1246)
Configuring Nmap Remediations (p. 1247)
Adding an Nmap Scan Instance (p. 1247)
Nmap Scan Remediations (p. 1248)
Configuring Set Attribute Remediations (p. 1251)
Adding a Set Attribute Value Instance (p. 1251)
Set Attribute Value Remediations (p. 1252)
Working with Remediation Status Events (p. 1253)
Viewing Remediation Status Events (p. 1253)
Working with Remediation Status Events (p. 1255)
Understanding the Remediation Status Table (p. 1255)
Searching for Remediation Status Events (p. 1256)
Enhancing Network Discovery (p. 1259)
Assessing Your Detection Strategy (p. 1260)
Are Your Managed Devices Correctly Placed? (p. 1260)
Do Unidentified Operating Systems Have a Unique TCP Stack? (p. 1260)
Can the FireSIGHT System Identify All Applications? (p. 1261)
Have You Applied Patches that Fix Vulnerabilities? (p. 1261)
Do You Want to Track Third-Party Vulnerabilities? (p. 1261)
Enhancing Your Network Map (p. 1262)
Understanding Passive Detection (p. 1262)
Understanding Active Detection (p. 1262)
Understanding Current Identities (p. 1263)
Understanding Identity Conflicts (p. 1264)
Using Custom Fingerprinting (p. 1265)
Fingerprinting Clients (p. 1266)
Fingerprinting Servers (p. 1269)
Managing Fingerprints (p. 1271)
Activating Fingerprints (p. 1272)
Deactivating Fingerprints (p. 1273)
Deleting Fingerprints (p. 1273)
Editing Fingerprints (p. 1273)
Editing an Inactive Fingerprint (p. 1274)
Editing an Active Fingerprint (p. 1274)
Working with Application Detectors (p. 1275)
Creating a User-Defined Application Protocol Detector (p. 1277)
Providing Basic Application Protocol Detector Information (p. 1278)
Creating a User-Defined Application (p. 1279)
Specifying Detection Criteria for Application Protocol Detectors (p. 1279)
Adding Detection Patterns to an Application Protocol Detector (p. 1280)
Testing an Application Protocol Detector Against Packet Captures (p. 1281)
Managing Detectors (p. 1282)
Viewing Detector Details (p. 1282)
Sorting the Detector List (p. 1283)
Filtering the Detector List (p. 1283)
Navigating to Other Detector Pages (p. 1285)
Activating and Deactivating Detectors (p. 1285)
Modifying Application Detectors (p. 1286)
Deleting Detectors (p. 1287)
Importing Host Input Data (p. 1287)
Enabling the Use of Third-Party Data (p. 1288)
Managing Third-Party Product Mappings (p. 1288)
Mapping Third-Party Products (p. 1289)
Mapping Third-Party Product Fixes (p. 1290)
Mapping Third-Party Vulnerabilities (p. 1291)
Managing Custom Product Mappings (p. 1292)
Creating Custom Product Mappings (p. 1292)
Editing Custom Product Mapping Lists (p. 1293)
Managing Custom Product Mapping Activation State (p. 1294)
Configuring Active Scanning (p. 1295)
Understanding Nmap Scans (p. 1295)
Understanding Nmap Remediations (p. 1296)
Creating an Nmap Scanning Strategy (p. 1299)
Selecting Appropriate Scan Targets (p. 1299)
Selecting Appropriate Ports to Scan (p. 1300)
Setting Host Discovery Options (p. 1300)
Sample Nmap Scanning Profiles (p. 1300)
Example: Resolving Unknown Operating Systems (p. 1301)
Example: Responding to New Hosts (p. 1302)
Setting up Nmap Scans (p. 1303)
Creating an Nmap Scan Instance (p. 1303)
Creating an Nmap Scan Target (p. 1304)
Creating an Nmap Remediation (p. 1305)
Managing Nmap Scanning (p. 1308)
Managing Nmap Scan Instances (p. 1308)
Editing an Nmap Scan Instance (p. 1308)
Deleting an Nmap Scan Instance (p. 1309)
Managing Nmap Remediations (p. 1309)
Editing an Nmap Remediation (p. 1310)
Deleting an Nmap Remediation (p. 1310)
Running an On-Demand Nmap Scan (p. 1310)
Managing Scan Targets (p. 1311)
Editing a Scan Target (p. 1312)
Deleting a Scan Target (p. 1312)
Working with Active Scan Results (p. 1313)
Viewing Scan Results (p. 1313)
Understanding the Scan Results Table (p. 1315)
Analyzing Scan Results (p. 1315)
Monitoring Scans (p. 1315)
Importing Scan Results (p. 1316)
Searching for Scan Results (p. 1316)
Working with Reports (p. 1319)
Generating Reports (p. 1319)
Creating a Report Template from an Event View (p. 1320)
Creating a Report Template by Importing a Dashboard or Workflow (p. 1321)
Generating Reports from a Report Template (p. 1322)
Using Report Generation Options (p. 1324)
Managing Reports (p. 1324)
Understanding Report Templates (p. 1324)
Using Report Templates (p. 1326)
Creating Report Templates from Existing Templates (p. 1327)
Using Predefined Report Templates (p. 1327)
Creating New Report Templates (p. 1330)
Creating a Template Shell (p. 1330)
Configuring the Content of the Template Sections (p. 1331)
Setting Attributes for PDF and HTML Report Documents (p. 1331)
Editing the Sections of a Report Template (p. 1332)
Setting the Table and Data Format for a Template Section (p. 1332)
Specifying the Search or Filter for a Template Section (p. 1333)
Setting the Search Fields that Appear in Table Format Sections (p. 1334)
Adding a Text Section to a Report Template (p. 1334)
Adding a Page Break to a Report Template (p. 1335)
Setting the Time Window for a Template and Its Sections (p. 1335)
Renaming a Template Section (p. 1336)
Previewing a Template Section (p. 1337)
Working with Searches in Report Template Sections (p. 1337)
Using Input Parameters (p. 1338)
Predefined Input Parameters (p. 1338)
User-Defined Input Parameters (p. 1339)
Editing Document Attributes in a Report Template (p. 1342)
Customizing a Cover Page (p. 1343)
Managing Logos (p. 1344)
Adding a New Logo (p. 1344)
Changing the Logo for a Report Template (p. 1345)
Deleting a Logo (p. 1345)
Using Report Generation Options (p. 1346)
Generating Reports Using the Scheduler (p. 1346)
Distributing Reports by Email at Generation Time (p. 1347)
Using Remote Storage for Reports (p. 1347)
Managing Report Templates and Report Files (p. 1348)
Exporting and Importing Report Templates (p. 1349)
Deleting Report Templates (p. 1350)
Downloading Reports (p. 1350)
Deleting Reports (p. 1351)
Searching for Events (p. 1353)
Performing and Saving Searches (p. 1353)
Performing a Search (p. 1354)
Loading a Saved Search (p. 1355)
Deleting a Saved Search (p. 1356)
Using Wildcards and Symbols in Searches (p. 1356)
Using Objects and Application Filters in Searches (p. 1357)
Specifying Time Constraints in Searches (p. 1357)
Specifying IP Addresses in Searches (p. 1357)
Specifying Ports in Searches (p. 1358)
Stopping Long-Running Queries (p. 1359)
Using Custom Tables (p. 1361)
Understanding Custom Tables (p. 1361)
Understanding Possible Table Combinations (p. 1362)
Creating a Custom Table (p. 1365)
Modifying a Custom Table (p. 1367)
Deleting a Custom Table (p. 1368)
Viewing a Workflow Based on a Custom Table (p. 1368)
Searching Custom Tables (p. 1369)
Understanding and Using Workflows (p. 1373)
Components of a Workflow (p. 1373)
Comparing Predefined and Custom Workflows (p. 1375)
Comparing Workflows for Predefined and Custom Tables (p. 1375)
Predefined Intrusion Event Workflows (p. 1376)
Predefined Malware Workflows (p. 1377)
Predefined File Workflows (p. 1378)
Predefined Captured File Workflows (p. 1378)
Predefined Connection Data Workflows (p. 1379)
Predefined Security Intelligence Workflows (p. 1380)
Predefined Host Workflows (p. 1380)
Predefined Indications of Compromise Workflows (p. 1381)
Predefined Applications Workflows (p. 1381)
Predefined Application Details Workflows (p. 1382)
Predefined Servers Workflows (p. 1383)
Predefined Host Attributes Workflows (p. 1383)
Predefined Discovery Events Workflows (p. 1383)
Predefined User Workflows (p. 1384)
Predefined Vulnerabilities Workflows (p. 1384)
Predefined Third-Party Vulnerabilities Workflows (p. 1384)
Predefined Correlation and White List Workflows (p. 1385)
Predefined System Workflows (p. 1385)
Saved Custom Workflows (p. 1386)
Using Workflows (p. 1387)
Selecting Workflows (p. 1388)
Understanding the Workflow Toolbar (p. 1389)
Using Workflow Pages (p. 1390)
Using Common Table View or Drill-Down Page Functionality (p. 1390)
Using Geolocation (p. 1392)
Using Table View Pages (p. 1394)
Using Drill-Down Pages (p. 1394)
Using the Host View, Packet View, or Vulnerability Detail Pages (p. 1395)
Setting Event Time Constraints (p. 1395)
Changing the Time Window (p. 1396)
Changing the Default Time Window for Your Event Type (p. 1400)
Pausing the Time Window (p. 1402)
Constraining Events (p. 1403)
Using Compound Constraints (p. 1405)
Sorting Table View Pages and Changing Their Layout (p. 1406)
Sorting Drill-Down Workflow Pages (p. 1406)
Selecting Rows on a Workflow Page (p. 1407)
Navigating to Other Pages in the Workflow (p. 1407)
Navigating Between Workflows (p. 1408)
Using Bookmarks (p. 1409)
Creating Bookmarks (p. 1410)
Viewing Bookmarks (p. 1410)
Deleting Bookmarks (p. 1410)
Using Custom Workflows (p. 1411)
Creating Custom Workflows (p. 1411)
Creating Custom Connection Data Workflows (p. 1413)
Viewing Custom Workflows (p. 1414)
Viewing Custom Workflows for Predefined Tables (p. 1415)
Viewing Custom Workflows for Custom Tables (p. 1415)
Editing Custom Workflows (p. 1415)
Deleting Custom Workflows (p. 1416)
Managing Users (p. 1417)
Understanding Cisco User Authentication (p. 1417)
Understanding Internal Authentication (p. 1419)
Understanding External Authentication (p. 1419)
Understanding User Privileges (p. 1420)
Managing Authentication Objects (p. 1421)
Understanding LDAP Authentication (p. 1421)
Setting Defaults (p. 1422)
Setting a Base DN (p. 1423)
Setting a Base Filter (p. 1423)
Selecting an Impersonation Account (p. 1423)
Encrypting Your LDAP Connection (p. 1423)
Setting the User Name Template (p. 1424)
Setting a Connection Timeout (p. 1424)
Using Attributes to Manage Access (p. 1424)
Using Group Membership to Manage Access (p. 1425)
Setting up Shell Access (p. 1425)
Testing the Connection (p. 1425)
Preparing to Create an LDAP Authentication Object (p. 1426)
Quick Start to LDAP Authentication (p. 1427)
Tuning Your LDAP Authentication Connection (p. 1429)
Creating Advanced LDAP Authentication Objects (p. 1430)
Identifying the LDAP Authentication Server (p. 1432)
Configuring LDAP-Specific Parameters (p. 1433)
Configuring Access Settings by Group (p. 1437)
Configuring Administrative Shell Access (p. 1438)
Testing User Authentication (p. 1439)
LDAP Authentication Object Examples (p. 1440)
Example: Basic LDAP Configuration (p. 1440)
Example: Advanced LDAP Configuration (p. 1442)
Editing LDAP Authentication Objects (p. 1445)
Understanding RADIUS Authentication (p. 1445)
Creating RADIUS Authentication Objects (p. 1446)
Configuring RADIUS Connection Settings (p. 1447)
Configuring RADIUS User Roles (p. 1448)
Configuring Administrative Shell Access (p. 1450)
Defining Custom RADIUS Attributes (p. 1450)
Testing User Authentication (p. 1451)
RADIUS Authentication Object Examples (p. 1452)
Authenticating a User Using RADIUS (p. 1452)
Authenticating a User with Custom Attributes (p. 1453)
Editing RADIUS Authentication Objects (p. 1456)
Deleting Authentication Objects (p. 1456)
Managing User Accounts (p. 1457)
Viewing User Accounts (p. 1457)
Adding New User Accounts (p. 1458)
Managing Command Line Access (p. 1459)
Managing Externally Authenticated User Accounts (p. 1461)
Managing User Login Settings (p. 1461)
Configuring User Roles (p. 1463)
Managing Predefined User Roles (p. 1463)
Managing Custom User Roles (p. 1465)
Creating a Custom Copy of a Predefined User Role (p. 1467)
Deleting a Custom User Role (p. 1467)
Modifying User Privileges and Options (p. 1468)
Understanding Restricted User Access Properties (p. 1469)
Modifying User Passwords (p. 1469)
Deleting User Accounts (p. 1470)
User Account Privileges (p. 1470)
Overview Menu (p. 1470)
Analysis Menu (p. 1471)
Policies Menu (p. 1474)
Devices Menu (p. 1475)
Object Manager (p. 1476)
FireAMP (p. 1476)
Health Menu (p. 1476)
System Menu (p. 1477)
Help Menu (p. 1478)
Managing User Role Escalation (p. 1478)
Configuring the Escalation Target Role (p. 1478)
Configuring a Custom User Role for Escalation (p. 1479)
Escalating Your User Role (p. 1480)
Configuring Single Sign-on from Cisco Security Manager (p. 1480)
Scheduling Tasks (p. 1483)
Configuring a Recurring Task (p. 1484)
Automating Backup Jobs (p. 1485)
Automating Certificate Revocation List Downloads (p. 1486)
Automating Nmap Scans (p. 1487)
Preparing Your System for an Nmap Scan (p. 1487)
Scheduling an Nmap Scan (p. 1487)
Automating Applying an Intrusion Policy (p. 1488)
Automating Reports (p. 1490)
Automating Geolocation Database Updates (p. 1491)
Automating FireSIGHT Recommendations (p. 1492)
Automating Software Updates (p. 1493)
Automating Software Downloads (p. 1494)
Automating Software Pushes (p. 1495)
Automating Software Installs (p. 1496)
Automating Vulnerability Database Updates (p. 1497)
Automating VDB Update Downloads (p. 1498)
Automating VDB Update Installs (p. 1498)
Automating URL Filtering Updates (p. 1499)
Viewing Tasks (p. 1501)
Using the Calendar (p. 1501)
Using the Task List (p. 1501)
Editing Scheduled Tasks (p. 1502)
Deleting Scheduled Tasks (p. 1503)
Deleting a Recurring Task (p. 1503)
Deleting a One-Time Task (p. 1503)
Managing System Policies (p. 1505)
Creating a System Policy (p. 1506)
Editing a System Policy (p. 1507)
Applying a System Policy (p. 1508)
Comparing System Policies (p. 1508)
Using the System Policy Comparison View (p. 1509)
Using the System Policy Comparison Report (p. 1510)
Deleting System Policies (p. 1511)
Configuring a System Policy (p. 1511)
Configuring Access Control Policy Preferences (p. 1512)
Configuring the Access List for Your Appliance (p. 1512)
Configuring Audit Log Settings (p. 1514)
Configuring Authentication Profiles (p. 1515)
Configuring Dashboard Settings (p. 1517)
Configuring Database Event Limits (p. 1518)
Configuring DNS Cache Properties (p. 1520)
Configuring a Mail Relay Host and Notification Address (p. 1521)
Configuring Intrusion Policy Preferences (p. 1522)
Specifying a Different Language (p. 1523)
Adding a Custom Login Banner (p. 1524)
Configuring SNMP Polling (p. 1525)
Enabling STIG Compliance (p. 1526)
Synchronizing Time (p. 1527)
Serving Time from the Defense Center (p. 1529)
Configuring User Interface Settings (p. 1530)
Mapping Vulnerabilities for Servers (p. 1531)
Configuring Appliance Settings (p. 1533)
Viewing and Modifying the Appliance Information (p. 1534)
Using Custom HTTPS Certificates (p. 1535)
Viewing the Current HTTPS Server Certificate (p. 1535)
Generating a Server Certificate Request (p. 1536)
Uploading Server Certificates (p. 1537)
Configuring User Certificates (p. 1538)
Enabling Access to the Database (p. 1539)
Configuring Network Settings (p. 1540)
Editing Management Interface Configurations (p. 1542)
Shutting Down and Restarting the System (p. 1543)
Setting the Time Manually (p. 1544)
Managing Remote Storage (p. 1546)
Using Local Storage (p. 1546)
Using NFS for Remote Storage (p. 1547)
Using SSH for Remote Storage (p. 1548)
Using SMB for Remote Storage (p. 1549)
Understanding Change Reconciliation (p. 1550)
Managing Remote Console Access (p. 1552)
Configuring Remote Console Settings on the Appliance (p. 1552)
Enabling Lights-Out Management User Access (p. 1553)
Using a Serial Over LAN Connection (p. 1554)
Using Lights-Out Management (p. 1556)
Enabling Cloud Communications (p. 1557)
Licensing the FireSIGHT System (p. 1561)
Understanding Licensing (p. 1561)
License Types and Restrictions (p. 1562)
FireSIGHT (p. 1563)
RNA Host and RUA User (p. 1564)
Protection (p. 1564)
Control (p. 1565)
URL Filtering (p. 1566)
Malware (p. 1566)
VPN (p. 1567)
Licensing High Availability Pairs (p. 1567)
Licensing Stacked and Clustered Devices (p. 1568)
Licensing Series 2 Appliances (p. 1568)
Understanding FireSIGHT Host and User License Limits (p. 1568)
Understanding the FireSIGHT Host Limit (p. 1569)
Understanding the FireSIGHT User Limit (p. 1570)
Understanding the Access-Controlled User Limit (p. 1570)
Viewing Your Licenses (p. 1571)
Adding a License to the Defense Center (p. 1571)
Deleting a License (p. 1572)
Changing a Device's Licensed Capabilities (p. 1573)
Updating System Software (p. 1575)
Understanding Update Types (p. 1575)
Performing Software Updates (p. 1576)
Planning for the Update (p. 1577)
Understanding the Update Process (p. 1577)
Updating a Defense Center (p. 1580)
Updating Managed Devices (p. 1582)
Monitoring the Status of Major Updates (p. 1584)
Uninstalling Software Updates (p. 1585)
Updating the Vulnerability Database (p. 1587)
Importing Rule Updates and Local Rule Files (p. 1588)
Using One-Time Rule Updates (p. 1589)
Using Manual One-Time Rule Updates (p. 1590)
Using Automatic One-Time Rule Updates (p. 1591)
Using Recurring Rule Updates (p. 1592)
Importing Local Rule Files (p. 1593)
Viewing the Rule Update Log (p. 1595)
Understanding the Rule Update Log Table (p. 1596)
Viewing Rule Update Import Log Details (p. 1596)
Understanding the Rule Update Import Log Detailed View (p. 1597)
Searching the Rule Update Import Log (p. 1598)
Updating the Geolocation Database (p. 1600)
Monitoring the System (p. 1603)
Viewing Host Statistics (p. 1603)
Monitoring System Status and Disk Space Usage (p. 1605)
Viewing System Process Status (p. 1606)
Understanding Running Processes (p. 1608)
Understanding System Daemons (p. 1608)
Understanding Executables and System Utilities (p. 1610)
Using Health Monitoring (p. 1613)
Understanding Health Monitoring (p. 1613)
Understanding Health Policies (p. 1615)
Understanding Health Modules (p. 1615)
Understanding Health Monitoring Configuration (p. 1618)
Configuring Health Policies (p. 1618)
Understanding the Default Health Policy (p. 1619)
Creating Health Policies (p. 1620)
Configuring Policy Run Time Intervals (p. 1622)
Configuring Advanced Malware Protection Monitoring (p. 1622)
Configuring Appliance Heartbeat Monitoring (p. 1623)
Configuring Automatic Application Bypass Monitoring (p. 1623)
Configuring CPU Usage Monitoring (p. 1624)
Configuring Card Reset Monitoring (p. 1625)
Configuring Discovery Event Status Monitoring (p. 1625)
Configuring Disk Status Monitoring (p. 1626)
Configuring Disk Usage Monitoring (p. 1627)
Configuring FireAMP Status Monitoring (p. 1628)
Configuring FireSIGHT Host Usage Monitoring (p. 1628)
Configuring Hardware Alarm Monitoring (p. 1629)
Configuring Health Status Monitoring (p. 1630)
Configuring Inline Link Mismatch Alarm Monitoring (p. 1631)
Configuring Intrusion Event Rate Monitoring (p. 1631)
Understanding License Monitoring (p. 1632)
Configuring Link State Propagation Monitoring (p. 1632)
Configuring Memory Usage Monitoring (p. 1633)
Configuring Power Supply Monitoring (p. 1634)
Configuring Process Status Monitoring (p. 1634)
Configuring RRD Server Process Monitoring (p. 1635)
Configuring Security Intelligence Monitoring (p. 1636)
Configuring Time Series Data Monitoring (p. 1637)
Configuring Time Synchronization Monitoring (p. 1637)
Configuring Traffic Status Monitoring (p. 1638)
Configuring URL Filtering Monitoring (p. 1638)
Configuring User Agent Status Monitoring (p. 1639)
Configuring VPN Status Monitoring (p. 1640)
Applying Health Policies (p. 1640)
Editing Health Policies (p. 1641)
Comparing Health Policies (p. 1643)
Using the Health Policy Comparison View (p. 1644)
Using the Health Policy Comparison Report (p. 1644)
Deleting Health Policies (p. 1646)
Using the Health Monitor Blacklist (p. 1646)
Blacklisting Health Policies or Appliances (p. 1647)
Blacklisting an Appliance (p. 1648)
Blacklisting a Health Policy Module (p. 1648)
Configuring Health Monitor Alerts (p. 1649)
Creating Health Monitor Alerts (p. 1649)
Interpreting Health Monitor Alerts (p. 1650)
Editing Health Monitor Alerts (p. 1651)
Deleting Health Monitor Alerts (p. 1651)
Using the Health Monitor (p. 1652)
Interpreting Health Monitor Status (p. 1652)
Using Appliance Health Monitors (p. 1653)
Viewing Alerts by Status (p. 1654)
Running All Modules for an Appliance (p. 1654)
Running a Specific Health Module (p. 1655)
Generating Health Module Alert Graphs (p. 1656)
Using the Health Monitor to Troubleshoot (p. 1657)
Generating Appliance Troubleshooting Files (p. 1657)
Downloading Troubleshooting Files (p. 1658)
Working with Health Events (p. 1658)
Understanding Health Event Views (p. 1659)
Viewing Health Events (p. 1659)
Viewing All Health Events (p. 1659)
Viewing Health Events by Module and Appliance (p. 1660)
Working with the Health Events Table View (p. 1661)
Interpreting Hardware Alert Details for 3D9900 Devices (p. 1662)
Interpreting Hardware Alert Details for Series 3 Devices (p. 1663)
Understanding the Health Events Table (p. 1664)
Searching for Health Events (p. 1665)
Auditing the System (p. 1669)
Managing Audit Records (p. 1669)
Viewing Audit Records (p. 1670)
Working with Audit Events (p. 1671)
Suppressing Audit Records (p. 1672)
Understanding the Audit Log Table (p. 1675)
Using the Audit Log to Examine Changes (p. 1675)
Searching Audit Records (p. 1676)
Viewing the System Log (p. 1678)
Filtering System Log Messages (p. 1678)
Using Backup and Restore (p. 1681)
Creating Backup Files (p. 1682)
Creating Backup Profiles (p. 1683)
Backing up Your Managed Devices with a Defense Center (p. 1684)
Uploading Backups from a Local Host (p. 1685)
Restoring the Appliance from a Backup File (p. 1686)
Specifying User Preferences (p. 1689)
Changing Your Password (p. 1689)
Changing an Expired Password (p. 1690)
Specifying Your Home Page (p. 1690)
Configuring Event View Settings (p. 1691)
Event Preferences (p. 1691)
File Preferences (p. 1692)
Default Time Windows (p. 1693)
Default Workflows (p. 1694)
Setting Your Default Time Zone (p. 1695)
Specifying Your Default Dashboard (p. 1695)
Importing and Exporting Configurations (p. 1697)
Exporting Configurations (p. 1697)
Importing Configurations (p. 1700)
Purging Discovery Data from the Database (p. 1705)
Viewing the Status of Long-Running Tasks (p. 1707)
Viewing the Task Queue (p. 1707)
Managing the Task Queue (p. 1708)
Command Line Reference (p. 1711)
Basic CLI Commands (p. 1712)
configure password (p. 1712)
end (p. 1712)
exit (p. 1713)
help (p. 1713)
history (p. 1713)
logout (p. 1714)
? (question mark) (p. 1714)
?? (double question marks) (p. 1714)
Show Commands (p. 1715)
access-control-config (p. 1716)
alarms (p. 1717)
arp-tables (p. 1717)
audit-log (p. 1717)
bypass (p. 1717)
clustering (p. 1718)
config (p. 1718)
clustering ha-statistics (p. 1718)
cpu (p. 1718)
database (p. 1719)
processes (p. 1720)
slow-query-log (p. 1720)
device-settings (p. 1720)
disk (p. 1720)
disk-manager (p. 1721)
dns (p. 1721)
expert (p. 1721)
fan-status (p. 1722)
fastpath-rules (p. 1722)
gui (p. 1722)
hostname (p. 1723)
hosts (p. 1723)
hyperthreading (p. 1723)
inline-sets (p. 1723)
interfaces (p. 1724)
ifconfig (p. 1724)
lcd (p. 1724)
link-state (p. 1725)
log-ips-connection (p. 1725)
managers (p. 1725)
memory (p. 1726)
model (p. 1726)
mpls-depth (p. 1726)
NAT (p. 1726)
active-dynamic (p. 1727)
active-static (p. 1727)
allocators (p. 1727)
config (p. 1727)
dynamic-rules (p. 1727)
flows (p. 1728)
static-rules (p. 1728)
netstat (p. 1728)
network (p. 1728)
network-modules (p. 1729)
ntp (p. 1729)
perfstats (p. 1729)
portstats (p. 1730)
power-supply-status (p. 1730)
process-tree (p. 1730)
processes (p. 1730)
route (p. 1731)
routing-table (p. 1731)
serial-number (p. 1731)
stacking (p. 1732)
summary (p. 1732)
time (p. 1732)
traffic-statistics (p. 1733)
user (p. 1733)
users (p. 1734)
version (p. 1734)
virtual-routers (p. 1735)
virtual-switches (p. 1735)
VPN (p. 1735)
config (p. 1735)
config by virtual router (p. 1736)
status (p. 1736)
status by virtual router (p. 1736)
counters (p. 1736)
counters by virtual router (p. 1736)
Configuration Commands (p. 1737)
clustering (p. 1737)
bypass (p. 1737)
gui (p. 1738)
lcd (p. 1738)
log-ips-connections (p. 1738)
manager (p. 1739)
add (p. 1739)
delete (p. 1739)
mpls-depth (p. 1739)
network (p. 1740)
dns searchdomains (p. 1740)
dns servers (p. 1740)
hostname (p. 1740)
http-proxy (p. 1741)
http-proxy-disable (p. 1741)
ipv4 delete (p. 1741)
ipv4 dhcp (p. 1741)
ipv4 manual (p. 1742)
ipv6 delete (p. 1742)
ipv6 dhcp (p. 1742)
ipv6 router (p. 1742)
ipv6 manual (p. 1743)
management-port (p. 1743)
password (p. 1743)
stacking disable (p. 1743)
user (p. 1744)
add (p. 1744)
aging (p. 1745)
delete (p. 1745)
disable (p. 1745)
enable (p. 1745)
forcereset (p. 1745)
maxfailedlogins (p. 1746)
password (p. 1746)
strengthcheck (p. 1746)
unlock (p. 1746)
System Commands (p. 1747)
access-control (p. 1747)
archive (p. 1747)
clear-rule-counts (p. 1747)
rollback (p. 1748)
disable-http-user-cert (p. 1748)
file (p. 1748)
copy (p. 1748)
delete (p. 1749)
list (p. 1749)
secure-copy (p. 1749)
generate-troubleshoot (p. 1749)
ldapsearch (p. 1750)
lockdown-sensor (p. 1750)
nat rollback (p. 1750)
reboot (p. 1751)
restart (p. 1751)
shutdown (p. 1751)
Security, Internet Access, and Communication Ports (p. 1753)
Internet Access Requirements (p. 1753)
Communication Ports Requirements (p. 1754)
Third-Party Products (p. 1759)
End User License Agreement (p. 1761)
Limited Warranty (p. 1764)
DISCLAIMER OF WARRANTY (p. 1765)
Glossary (p. 1769)
Index (p. 1807)

Size: 14.5 MB. Pages: 1844. Language: English.