Sourcefire Fireamp User Guide
Sourcefire FireAMP User Guide, Version 4.5

Terms of Use Applicable to the User Documentation

The legal notices, disclaimers, terms of use, and other information contained herein (the "terms") apply only to the information discussed in this documentation (the "Documentation") and your use of it. These terms do not apply to or govern the use of websites controlled by Sourcefire, Inc. or its subsidiaries (collectively, "Sourcefire") or any Sourcefire-provided products. Sourcefire products are available for purchase and subject to a separate license agreement and/or terms of use containing very different terms and conditions.

Terms of Use and Copyright and Trademark Notices

The copyright in the Documentation is owned by Sourcefire and is protected by copyright and other intellectual property laws of the United States and other countries. You may use, print out, save on a retrieval system, and otherwise copy and distribute the Documentation solely for non-commercial use, provided that you (i) do not modify the Documentation in any way and (ii) always include Sourcefire's copyright, trademark, and other proprietary notices, as well as a link to, or print out of, the full contents of this page and its terms. No part of the Documentation may be used in a compilation or otherwise incorporated into another work or with or into any other documentation or user manuals, or be used to create derivative works, without the express prior written permission of Sourcefire. Sourcefire reserves the right to change the terms at any time, and your continued use of the Documentation shall be deemed an acceptance of those terms.

Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, Immunet, ClamAV and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others.

© 2004 - 2013 Cisco and/or its affiliates.
All rights reserved.

Disclaimers

THE DOCUMENTATION AND ANY INFORMATION AVAILABLE FROM IT MAY INCLUDE INACCURACIES OR TYPOGRAPHICAL ERRORS. SOURCEFIRE MAY CHANGE THE DOCUMENTATION FROM TIME TO TIME. SOURCEFIRE MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE ACCURACY OR SUITABILITY OF ANY SOURCEFIRE-CONTROLLED WEBSITE, THE DOCUMENTATION AND/OR ANY PRODUCT INFORMATION. SOURCEFIRE-CONTROLLED WEBSITES, THE DOCUMENTATION AND ALL PRODUCT INFORMATION ARE PROVIDED "AS IS" AND SOURCEFIRE DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL SOURCEFIRE BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF PROFITS, AND/OR BUSINESS INTERRUPTIONS), ARISING OUT OF OR IN ANY WAY RELATED TO SOURCEFIRE-CONTROLLED WEBSITES OR THE DOCUMENTATION, NO MATTER HOW CAUSED AND/OR WHETHER BASED ON CONTRACT, STRICT LIABILITY, NEGLIGENCE OR OTHER TORTIOUS ACTIVITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF SOURCEFIRE IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

The Documentation may contain "links" to websites that are not created by, or under the control of Sourcefire. Sourcefire provides such links solely for your convenience, and assumes no responsibility for the availability or content of such other sites.

2014-Mar-05 11:44

Table of Contents

Chapter 1: Introduction  6

Chapter 2: Dashboard  7
  System Requirements  7
  Menu  8
    Dashboard  8
    Analysis  8
    Outbreak Control  9
    Reports  9
    Management  10
    Accounts  11
  Overview Tab  11
    Indications of Compromise  12
    Malware and Network Threat Detections  13
  Events Tab  13
    Filters and Subscriptions  13
    SHA-256 File Info Context Menu  14
    List View  15
  Heat Map Tab  15

Chapter 3: Outbreak Control  17
  Simple Custom Detections  17
  Application Blocking  19
  Advanced Custom Signatures  20
  Custom Whitelists  22
  IP Black / White Lists  23
    IP Black Lists  23
    IP White Lists  24
    Editing IP Black / White Lists  25
  Custom Exclusion Sets  25
    Creating and Managing Custom Exclusion Sets  26
    Antivirus Compatibility Using Exclusions  26
  Android Custom Detections  30

Chapter 4: Policies  32
  Policy Contents  33
    Name, Lists, and Description  33
  FireAMP Windows Connector  34
    General Tab  35
    File Tab  40
    Network Tab  46
  FireAMP Mac Connector  47
    General Tab  47
    File Tab  51
    Network Tab  54
  FireAMP Mobile Policy  54
    Connector > Administrative Features  55
  Policy Summary  55

Chapter 5: Groups  56
  Configuring the Group  56
    Name and Description  57
    Parent Menu  57
    Policy Menu  57
    Adding Computers  58
    Moving Computers  58

Chapter 6: Deploying the FireAMP Windows Connector  59
  Direct Download  59
  Email