Version 5.2 Sourcefire 3D System User Guide 269
Glossary
FireAMP: Sourcefire’s enterprise-class, endpoint-based, advanced malware analysis and
protection solution that discovers, understands, and blocks malware outbreaks,
persistent threats, and targeted attacks. If your organization has a FireAMP
subscription, individual users install lightweight FireAMP Connectors on
endpoints (computers, mobile devices), which then communicate with the
Sourcefire cloud. This allows you to quickly identify and quarantine malware, as
well as identify outbreaks when they occur, track their trajectory, understand their
effects, and learn how to successfully recover. You can also use the FireAMP
portal to create custom protections, block execution of certain applications, and
create custom whitelists. Compare with network-based advanced malware
protection.
FireAMP Connector: A lightweight agent that users in a subscription-based FireAMP deployment
install on endpoints, such as computers and mobile devices. Connectors
communicate with the Sourcefire cloud, exchanging information that allows you to
quickly identify and quarantine malware throughout your organization.
FireAMP portal: The website, http://amp.sourcefire.com/, where you can configure your
organization’s subscription-based FireAMP deployment.
FireAMP subscription: A separately purchased subscription that allows your organization to use FireAMP
as an advanced malware protection (AMP) solution. Compare with a Malware
license, which you enable on managed devices to perform network-based AMP.
FireSIGHT license: The default license on the Defense Center, which allows you to perform host,
application, and user discovery. The FireSIGHT license also determines how many
individual hosts and users you can monitor with the Defense Center and its
managed devices, as well as the number of access-controlled users you can use
in access control rules to perform user control.
GeoDB: See geolocation database.
geolocation: A feature that provides data on the geographical source of routable IP addresses
detected in traffic on your monitored network, including connection type, internet
service provider, and so on. You can see geolocation information, which is stored
in the geolocation database, in connection events, intrusion events, file events,
and malware events, as well as in host profiles.
geolocation database: Also called the GeoDB, a regularly updated database of known geolocation data
associated with routable IP addresses.
health module: A test of a particular performance aspect, such as CPU usage or available disk
space, of the appliances in your deployment. Health modules, which you enable
in a health policy, generate health events when the performance aspects they
monitor reach a certain level.