https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4608019#M1089944 <P>Is your VDB is updated?</P> <P>&nbsp;</P> <P>Integrating AMP for Network with AMP Threat<BR />1- Files is downloaded through AMP for Network<BR />2- AMP for Network calculates File hash (SHA256) and sends it to FMC for disposition lookup. Last packet is on hold by device till disposition is received.<BR />3- FMC sends hash lookup to AMP CSI to identify hash disposition<BR />4- CSI Cloud responds to the lookup with disposition “Unknown”<BR />5- FMC records the disposition “Unknown” in File Trajectory<BR />6- AMP for Network releases the last packet and submits a copy of the file to AMP Threat Grid for Dynamic Intelligence (Sandbox)<BR />7- Threat Score (e.g. &gt;=95) is calculated based on Behavioural Indicators and Threat Intelligence obtained by FMC polling<BR />8- Subsequent downloads of the same file will be blocked by AMP for Network<BR />9- AMP Solution also leverages CSI Cloud for Continuous Analysis and Retrospective Security.<BR />10- Retrospective Call for a disposition change from Unknown to Malicious</P> <P>&nbsp;</P> <P>however, to answer your question I do not think there is a database information avabilabe on firepower. all goes on cloud to check the SHA etc.</P> Wed, 11 May 2022 08:42:58 GMT Sheraz.Salim 2022-05-11T08:42:58Z https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4607986#M1089943 <P>Hi there,</P><P><BR />Is Cisco Firepower have a Database for malware signature?</P><P><BR />When i check TECSEC-2599.pdf p77, the information is: FTD will first calculation the sha, and than send to FMC and FMC will check the Reputation from AMP Cloud.</P><P><BR />But i got another information by other SE, they said there is a database include Malware information on VDB.</P><P>&nbsp;</P><P>After i check the VDB infomation :According the information on Cisco Vulnerability Database (VDB) Release Notes.</P><P>It include the</P><P>Application Protocol Detectors</P><P>Client Detectors</P><P>Web Application Detectors</P><P>FireSIGHT Detector Updates</P><P>Operating System Fingerprint Details</P><P>Operating System and Hardware Fingerprint Details</P><P>Vulnerability References</P><P>File Type Detectors</P><P><BR />Didn't see anything similar like malware database.</P><P>Is there any malware database information in VDB or anywhere on Firepower?</P><P><BR />Thanks</P> Wed, 11 May 2022 07:11:37 GMT https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4607986#M1089943 RyanHsiao99746 2022-05-11T07:11:37Z https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4608019#M1089944 <P>Is your VDB is updated?</P> <P>&nbsp;</P> <P>Integrating AMP for Network with AMP Threat<BR />1- Files is downloaded through AMP for Network<BR />2- AMP for Network calculates File hash (SHA256) and sends it to FMC for disposition lookup. Last packet is on hold by device till disposition is received.<BR />3- FMC sends hash lookup to AMP CSI to identify hash disposition<BR />4- CSI Cloud responds to the lookup with disposition “Unknown”<BR />5- FMC records the disposition “Unknown” in File Trajectory<BR />6- AMP for Network releases the last packet and submits a copy of the file to AMP Threat Grid for Dynamic Intelligence (Sandbox)<BR />7- Threat Score (e.g. &gt;=95) is calculated based on Behavioural Indicators and Threat Intelligence obtained by FMC polling<BR />8- Subsequent downloads of the same file will be blocked by AMP for Network<BR />9- AMP Solution also leverages CSI Cloud for Continuous Analysis and Retrospective Security.<BR />10- Retrospective Call for a disposition change from Unknown to Malicious</P> <P>&nbsp;</P> <P>however, to answer your question I do not think there is a database information avabilabe on firepower. all goes on cloud to check the SHA etc.</P> Wed, 11 May 2022 08:42:58 GMT https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4608019#M1089944 Sheraz.Salim 2022-05-11T08:42:58Z https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4608203#M1089956 <P>As <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/287680">@Sheraz.Salim</a> said - there's not a local Malware database.</P> <P>The VDB is a separate database with the purpose of providing information about vulnerabilities to better inform IPS rule application and categorization of impact.</P> Wed, 11 May 2022 13:13:50 GMT https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/4608203#M1089956 Marvin Rhoads 2022-05-11T13:13:50Z https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/5073516#M1111433 <P>Hi<BR />Might be possible to update the signature for an offline device ?</P><P>&nbsp;</P><P>Thanks by advance</P> Fri, 19 Apr 2024 07:40:04 GMT https://community.cisco.com/t5/network-security/cisco-firepower-malware-signature/m-p/5073516#M1111433 Anthael 2024-04-19T07:40:04Z