FireSIGHT (SourceFire) – AMP Malware Inspection

KB ID 0001159 Dtd 15/02/16

Problem

If you look at your SourceFire dashboard and the malware threats section shows no data, like so;

No Malware Threats

Solution

The message is pretty descriptive and tells you exactly what you need to do. I’m assuming that you have already added a valid AMP / Malware licence, like so;

AMP Licence SourceFire

Navigate to Policies > Access Control, edit your access control policy, then edit the file policy.

Access Control Policy

Add in “Block Malware with Reset”.

SourceFire Block Malware

You can test that the rule is applying correctly by trying to download the EICAR test files;

Eicar

After a short time, the malware threats window should start to show some data.

Malware Threat Dashboard
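
The download test can also be run from a script on a client behind the sensor. The following is an added example, not part of the original article or any Cisco tooling: it fetches a URL you supply (the script name, function names and verdict labels are made up for illustration) and reports whether the transfer was reset or the EICAR file arrived intact.

```python
import http.client
import sys
import urllib.error
import urllib.request

# Standard 68-byte EICAR test string, split so endpoint AV does not
# quarantine this script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def http_fetch(url, timeout=15):
    """Download url and return the whole body; raises on reset or truncation."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def classify_download(fetch):
    """Call fetch() and return (verdict, detail) for the download attempt."""
    try:
        body = fetch()
    except (ConnectionResetError, http.client.IncompleteRead) as exc:
        # A TCP reset or a body cut short is how a reset action looks to the client.
        return "BLOCKED", type(exc).__name__
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ConnectionResetError):
            return "BLOCKED", "connection reset before a response arrived"
        return "INCONCLUSIVE", f"download failed: {exc.reason}"
    except OSError as exc:
        # Timeouts and similar errors say nothing about the file policy.
        return "INCONCLUSIVE", f"download failed: {exc}"
    if EICAR in body:
        return "NOT_BLOCKED", f"{len(body)} bytes received, EICAR string intact"
    # A block page, proxy error or wrong URL: check the dashboard instead.
    return "INCONCLUSIVE", "response received but it is not the EICAR file"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: eicar_check.py <URL of an EICAR test file>")
    verdict, detail = classify_download(lambda: http_fetch(sys.argv[1]))
    print(f"{verdict}: {detail}")
    sys.exit(0 if verdict == "BLOCKED" else 1)
```

A BLOCKED verdict only shows that the connection was reset; confirm on the malware threats dashboard that the file policy was the cause.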

Related Articles, References, Credits, or External Links

NA

Author: PeteLong
