Cisco Firepower Management Center 4000
Glossary
FireSIGHT System User Guide
correlation policy
A policy that describes the network activity that constitutes a
s and
s. You can specify
s to each rule or white list within a policy.
correlation rule
With
s, one of the ways you can specify criteria that network traffic must meet in
order to violate a
. You can use the
to configure correlation rules to
trigger (and generate a
) when a specific
,
,
occurs, or when your network traffic deviates from your
normal network traffic pattern as characterized in a
. You can constrain correlation rules
with
s. You can also
configure the Defense Center to launch a response, such as an
, when a correlation
rule triggers.
CRL
See
current identity
identity that the system finds most likely to be correct for a particular
network asset. The system uses this data in many ways; for example, to calculate statistics, assign
information, assess impact of an attack, and evaluate
s.
current user
The user that the system associates with a
. If the user is an
, the system can
perform
on traffic to or from that host. If no access-controlled user is associated with the
host, a
can be the current user for the host. However, after an
access-controlled user logs into the host, only a login by another access-controlled user changes the
current user.
custom detection list
A list of files as represented by their
s. When the system detects a file in the list, it
does not perform a
, treating the file as malware, even if the
for the file
in the
custom fingerprint
See
.
custom table
A table you can construct that combines fields from two or more of the predefined tables delivered with
the FireSIGHT System. For example, you could combine the
information from the
s table with information from the
data table to examine connection data in a new
context.
custom topology
A feature that allows you to meaningfully organize and identify subnets in the
, and