Version 5.2 Sourcefire 3D System Installation Guide 18
Introduction to the Sourcefire 3D System
Sourcefire 3D System Components
Chapter 1
• advanced settings, such as preprocessors and other detection and performance features
• preprocessor rules that allow you to generate events for associated preprocessors and preprocessor options
File Tracking, Control, and Malware Protection
To help you identify and mitigate the effects of malware, the Sourcefire 3D System’s file control, network file trajectory, and advanced malware protection components can detect, track, and optionally block the transmission of files (including malware files) in network traffic.

File control is a policy-based feature, integrated into access control, that allows managed devices to detect and block your users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols.

Network-based advanced malware protection (AMP) allows the system to inspect network traffic for malware in specific types of files. When a managed device detects one of these file types, the Defense Center obtains the file’s disposition from the Sourcefire cloud. The managed device uses this information to track and then block or allow the file.

FireAMP is Sourcefire’s enterprise-class, endpoint-based AMP solution. If your organization has a FireAMP subscription, individual users install FireAMP Connectors on their computers and mobile devices. These lightweight agents communicate with the Sourcefire cloud, which in turn communicates with the Defense Center. In this way, you can use the Defense Center to view malware detection and quarantines on the endpoints in your organization, as well as to track the malware’s trajectory.
Application Programming Interfaces
There are several ways to interact with the system using application programming interfaces (APIs):
• The Event Streamer (eStreamer) allows you to stream several kinds of event data from a Sourcefire appliance to a custom-developed client application.
• The database access feature allows you to query several database tables on a Defense Center, using a third-party client that supports JDBC SSL connections.
• The host input feature allows you to augment the information in the network map by importing data from third-party sources using scripts or command-line files.
• Remediations are programs that your Defense Center can automatically launch when certain conditions on your network are met. This can not only automatically mitigate attacks when you are not immediately available to address them, but can also ensure that your system remains compliant with your organization’s security policy.