Cisco Cisco Firepower Management Center 4000

See 

.

A feature that allows you to use suppress 

s when a specific IP address or range of IP 

addresses triggers an 

. Event suppression is useful for eliminating false positives. For 

example, if you have an email server that transmits packets that look like a specific exploit, you can 
suppress events for the rules that are triggered by that server, so you only see the events for legitimate 
attacks.

A feature that allows you to limit the number of times the system logs and displays an 

based on how many times the event is generated within a specified time period. Use event thresholding 
if you are overwhelmed with a large number of identical events.

A component of the system that allows you to view and manipulate 

s. The event viewer uses 

s to present a broad, then a more focused event view that contains only the events of interest to 

you. You can constrain the events in an event view by drilling down through the workflow, or by using 
a search. 

A method that you can use to transfer various configurations (such as policies) from 

 to 

appliance. After you export a configuration from one appliance, you can 

 it onto another appliance 

of the same type.

A method (such as 

 or 

) that uses externally stored user 

credentials to authenticate user names and passwords when users log into FireSIGHT System 

s. 

Compare with 

.

A characteristic of an 

 that allows packets to bypass processing and continue through the 

if internal traffic buffers are full.

A 

 that you configure at a 

’s hardware level, using a limited set of criteria, to allow traffic that 

does not need to be analyzed to bypass processing.

See 

An established definition that the system compares against specific packet header values and other 
unique data from network traffic to identify a 

's operating system. If the system misidentifies or 

cannot identify a host's operating system, you can create a custom fingerprint that identifies the host.