FireSIGHT (SourceFire) – AMP Malware Inspection

KB ID 0001159 Dtd 15/02/16


If you look at your SourceFire dashboard and there is no data shown in the malware threat section, like so;

No Malware Threats


The message is pretty descriptive, and it tells you exactly what you need to do. I'm assuming that you have already added a valid AMP / Malware licence, like so;

AMP Licence SourceFire

Navigate to Policies > Access Control > Edit your access control policy > Then edit the file policy.

Access Control Policy

Add in “Block Malware with Reset”.

SourceFire Block Malware

You can test that the rule is applying correctly by trying to download the EICAR test files.


After a short time, the malware threats window should start to show some data.

Malware Threat Dashboard
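
A scripted version of the EICAR download check above, so the test can be repeated after each policy deploy. This is an added example, not part of the original article or any Cisco tooling; TEST_URL is a placeholder and probe_download is a hypothetical helper name, and it assumes the client's traffic passes through the sensor over plain HTTP.

```python
import http.client
import socket
from urllib.parse import urlsplit

# Placeholder: the article's EICAR link is not on the page; supply your own test URL.
# Plain HTTP is assumed so the sensor can inspect the file without SSL decryption.
TEST_URL = "http://test-host.example/eicar.com"


def probe_download(url, timeout=10.0):
    """Fetch url directly (no proxy) and report what happened to the transfer.

    Returns 'blocked' when the connection is reset or the body is cut short,
    'allowed' when the whole file arrives, and 'inconclusive' otherwise.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an http:// URL")
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        body = resp.read()
    except (ConnectionResetError, http.client.IncompleteRead):
        return "blocked"       # RST or truncated body: what "with Reset" should cause
    except (socket.timeout, OSError, http.client.HTTPException):
        return "inconclusive"  # DNS failure, timeout, refused: not evidence either way
    finally:
        conn.close()
    if resp.status == 200 and body:
        return "allowed"       # the file got through: the file policy did not act on it
    return "inconclusive"      # e.g. a 404 from the test host


if __name__ == "__main__":
    print(f"{TEST_URL}: {probe_download(TEST_URL)}")
```

An "allowed" result after the policy has been deployed means the download did not match the file rule, so check that the file policy is attached to the access control rule the traffic actually hits.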


Author: PeteLong
