Firewall - Cisco Firepower
| LP_Cisco Firepower Dashboard | |
|---|---|
| Description | This dashboard has widgets that provide an overview of network, access, ingress and egress traffic. |
| Log source | Cisco Firepower |
| Value | Displays information from Cisco Firepower about users, incoming and outgoing traffic. |
| Rationale | This dashboard offers a comprehensive overview of user activity, access patterns, application usage, and geolocated traffic insights, enabling organizations to detect unauthorized access and suspicious communication flows. It helps in identifying abnormal behaviors early and supports NIST 800-53 SI-4 (System Monitoring), ISO 27001 A.13.1.1 (Network Controls), and CIS Control 13.1 (Network Monitoring). |
| Widgets / Use cases | 1. Top 10 Users in Action 2. Top 10 Access Categorised 3. Trend of Connection Status 4. Top 10 Sources in Allowed Connection 5. Top 10 Sources in Denied Connection 6. Top 10 Destinations in Denied Connection 7. Top 10 Destinations in Allowed Connection 8. Top 10 Users by Social Site Accessed 9. Top 10 Source Countries in Allowed Connection 10. Top 10 Source Countries in Denied Connection 11. Top 10 Destination Countries in Denied Connection 12. Top 10 Destination Countries in Allowed Connection 13. Top 10 Applications 14. Top 10 NAP Policy 15. Top 10 Denied Destination Port 16. Top 10 Allowed Destination Ports 17. Top 10 Social Sites Accessed 18. Trend of Access by URL Reputation 19. Suspicious Sites Access 20. Benign Sites with Security Risks Access |
| Comments | Some widgets display 'Top 10' data, which gives a good idea of what is happening in the environment. It is possible to adjust the number of views to suit your organization. |
| Type | Dashboard |
| MITRE ATT&CK | T1040 – Network Sniffing |