Cisco Cisco Firepower Management Center 4000
44-11
FireSIGHT System User Guide
Chapter 44 Working with Reports
Using Report Templates
•
Application Protocols Transferring Malware
•
Hosts Receiving Malware
•
Hosts Sending Malware
•
Users Affected by Malware
•
Malware Intrusions
•
File Types Infected with Malware
•
Applications Introducing Malware
•
Table View of Malware Events
Note that neither Series 2 devices nor the DC500 Defense Center support network-based malware
protection, which can affect the data detected and displayed. For example, a Series 3 Defense Center
managing only Series 2 devices can display only endpoint-based malware events.
protection, which can affect the data detected and displayed. For example, a Series 3 Defense Center
managing only Series 2 devices can display only endpoint-based malware events.
FireSIGHT Report: $<Customer Name>
The FireSIGHT Report: $<Customer Name> report template provides overall information about an
organization’s network. This report template contains the following sections:
organization’s network. This report template contains the following sections:
•
Summary of Application Traffic by Risk
•
Risky Applications with Low Business Relevance
•
Users of Risky Applications
•
Anonymizers and Proxies
•
Typically High Bandwidth Applications
•
Applications by Total Bandwidth
•
Hosts Accessing Sensitive Network
•
Users Accessing Sensitive Network
•
Applications on Sensitive Network
•
Ports and Protocols Related to Sensitive Network
•
Hosts Visiting Malicious URLs
•
Users Visiting Malicious URLs
•
Granular Application Usage
•
Web Applications
•
Client Applications
•
Application Protocols
•
Web Browser Versions
•
Operating System Versions
•
Overall User Activity
•
Intrusion Events by Impact
•
Intrusion Events by Impact (After Blocking)
•
Intrusion Events by Application
•
Top Intrusion Events
•
Comprehensive Application List