Cisco Cisco Firepower Management Center 4000
Glossary
FireSIGHT System User Guide
Event Streamer
See
.
event suppression
A feature that allows you to use suppress
s when a specific IP address or range of IP
addresses triggers an
. Event suppression is useful for eliminating false positives. For
example, if you have an email server that transmits packets that look like a specific exploit, you can
suppress events for the rules that are triggered by that server, so you only see the events for legitimate
attacks.
event thresholding
based on how many times the event is generated within a specified time period. Use event thresholding
if you are overwhelmed with a large number of identical events.
event viewer
A component of the system that allows you to view and manipulate
s. The event viewer uses
s to present a broad, then a more focused event view that contains only the events of interest to
you. You can constrain the events in an event view by drilling down through the workflow, or by using
a search.
export
A method that you can use to transfer various configurations (such as policies) from
appliance. After you export a configuration from one appliance, you can
it onto another appliance
of the same type.
external authentication
A method (such as
or
) that uses externally stored user
credentials to authenticate user names and passwords when users log into FireSIGHT System
s.
Compare with
.
failsafe
A characteristic of an
that allows packets to bypass processing and continue through the
if internal traffic buffers are full.
fast-path rule
A
that you configure at a
’s hardware level, using a limited set of criteria, to allow traffic that
does not need to be analyzed to bypass processing.
feed
See
fingerprint
An established definition that the system compares against specific packet header values and other
unique data from network traffic to identify a
's operating system. If the system misidentifies or
cannot identify a host's operating system, you can create a custom fingerprint that identifies the host.