Cisco Firepower Management Center 4000
Glossary
FireSIGHT System User Guide
incident
One or more
s that you suspect are involved in a possible violation of your
The system provides incident-handling features that you can use to collect and process information that
is relevant to your investigation of the incident.
indications of compromise
Configured in the
, a feature where the FireSIGHT System data correlator and
endpoint data analysis correlate events that may indicate a security compromise with hosts on
your monitored network. Potentially compromised hosts are marked with tags to indicate their status,
visible in the
and in relevant event views. Abbreviated as IOC.
inline deployment
s are placed inline on a network. In
this configuration, devices can affect network traffic flow using switching, routing,
.
inline interface
A
. You must add inline interfaces
to
s in pairs.
inline set
One or more pairs of
s.
Interactive Block
that allows your users to click a button on an
to
continue to an initially blocked web site.
internal authentication
An authentication method that stores user credentials in a local database on the
logs into the appliance, the user name and password are checked against the information in the database.
Compare with
intrusion
A security breach, attack, or exploit that occurs on your network.
intrusion detection and prevention
The monitoring of your network traffic for
violations, and, in
ability to block or alter malicious traffic. In the FireSIGHT System, you perform intrusion detection and
prevention when you associate an intrusion policy with an access control rule or default action.
intrusion event
violation. Intrusion event data includes the date, time, and the
type of exploit, as well as other contextual information about the attack and its target.