Malware defense
|
Malware cloud lookups.
|
Both peers perform lookups.
|
See Required Server Addresses for
Proper Cisco Secure Endpoint & Malware Analytics
Operations.
|
Download signature updates for file preclassification and local
malware analysis.
|
Active peer downloads, syncs to standby.
|
updates.vrt.sourcefire.com
amp.updates.vrt.sourcefire.com
|
Submit files for dynamic analysis (managed devices).
Query for dynamic analysis results (management center).
|
Both peers query for dynamic analysis reports.
|
fmc.api.threatgrid.com
fmc.api.threatgrid.eu
|
AMP for Endpoints
|
Receive malware events detected by AMP for
Endpoints from the AMP cloud.
Display malware events detected by the system in AMP for
Endpoints.
Use centralized file Block and Allow lists created in AMP for
Endpoints to override dispositions from the AMP cloud.
|
Both peers receive events.
You must also configure the cloud connection on both peers
(configuration is not synced).
|
See Required Server Addresses for
Proper Cisco Secure Endpoint & Malware Analytics
Operations.
|
Security intelligence
|
Download security intelligence feeds.
|
Active peer downloads, syncs to standby.
|
intelligence.sourcefire.com
|
URL filtering
|
Download URL category and reputation
data.
Manually query (look up) URL category and reputation data.
Query for uncategorized URLs.
|
Active peer downloads, syncs to standby.
|
URLs:
IPv4 blocks:
-
146.112.62.0/24
-
146.112.63.0/24
-
146.112.255.0/24
-
146.112.59.0/24
IPv6 blocks:
-
2a04:e4c7:ffff::/48
-
2a04:e4c7:fffe::/48
|
Cisco Smart Licensing
|
Communicate with the Cisco Smart Software Manager.
|
Active peer communicates.
|
tools.cisco.com:443
www.cisco.com
|
Cisco Success Network
|
Transmit usage information and statistics.
|
Active peer communicates.
|
api-sse.cisco.com:8989
dex.sse.itd.cisco.com
dex.eu.sse.itd.cisco.com
|
Cisco Support Diagnostics
|
Accepts authorized requests and transmits usage information and
statistics.
|
Active peer communicates.
|
api-sse.cisco.com:8989
|
System updates
|
Download updates directly from Cisco to the management center:
|
Update intrusion rules, the VDB, and the GeoDB on the active
peer, which then syncs to the standby.
Upgrade the system software independently on each peer.
|
cisco.com
sourcefire.com
|
SecureX threat response integration
|
See the appropriate integration guide.
|
Time synchronization
|
Synchronize time in your deployment.
Not supported with a proxy server.
|
Any appliance using an external NTP server must have internet
access.
|
0.sourcefire.pool.ntp.org
1.sourcefire.pool.ntp.org
2.sourcefire.pool.ntp.org
3.sourcefire.pool.ntp.org
|
RSS feeds
|
Display the Cisco Threat Research Blog on
the dashboard.
|
Any appliance displaying RSS feeds must have internet access.
|
blog.talosintelligence.com
|
Whois
|
Request whois information for an external
host.
Not supported with a proxy server.
|
Any appliance requesting whois information must have internet
access.
|
The whois client tries to guess the right server to query. If it
cannot guess, it uses:
|