cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3296
Views
0
Helpful
6
Replies

Submitting files for Dyn Analysis: from SFR module or could it be done by FMC?

cpaquet
Level 1
Level 1

By reading the FirePOWER documentation and by looking at Cisco Live slides (see uploaded slide), it seems that files are submitted for dynamic analysis by the ASA-SFR directly for dynamic analysis.  

Could the files be submitted for dynamic analysis by FMC 6.0 instead of SFR?

Thanks,

Cath.

1 Accepted Solution

Accepted Solutions

majacob2
Cisco Employee
Cisco Employee

Hey Cath,

     Dynamic analysis capable files are sent by the sensor to the cloud for analysis. The sensor in your deployment is the SFR module on the ASA. The way that dynamic analysis is designed, the file is only sent from the SFR module. There is no configuration that allows you to send file from the FMC for dynamic analysis. The file is intercepted at the sensor (SFR Module), not the FMC, so we have to send the file from the sensor to be analyzed. I hope this addresses your question adequately. Have a nice day!

Regards,

Matt J

FireAMP Engineer @Cisco

View solution in original post

6 Replies 6

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Team,

For dynamic analysis, files are never sent from FMC and thus its not possible to use it instead of SFR.

Rate and mark correct if the post helps you.

Regards

Jetsy 

Hello Team,

Is your queries clear ?

If so , please rate and mark correct if the post helps you.

Regards

Jetsy 

majacob2
Cisco Employee
Cisco Employee

Hey Cath,

     Dynamic analysis capable files are sent by the sensor to the cloud for analysis. The sensor in your deployment is the SFR module on the ASA. The way that dynamic analysis is designed, the file is only sent from the SFR module. There is no configuration that allows you to send file from the FMC for dynamic analysis. The file is intercepted at the sensor (SFR Module), not the FMC, so we have to send the file from the sensor to be analyzed. I hope this addresses your question adequately. Have a nice day!

Regards,

Matt J

FireAMP Engineer @Cisco

majacob2
Cisco Employee
Cisco Employee

Hey Cath,

     Dynamic analysis capable files are sent by the sensor to the cloud for analysis. The sensor in your deployment is the SFR module on the ASA. The way that dynamic analysis is designed, the file is only sent from the SFR module. There is no configuration that allows you to send file from the FMC for dynamic analysis. The file is intercepted at the sensor (SFR Module), not the FMC, so we have to send the file from the sensor to be analyzed. I hope this addresses your question adequately. Have a nice day!

Regards,

Matt J

FireAMP Engineer @Cisco

what if you are dealing with sensitive documents? would dynamic analysis upload those sensitive documents to the cloud for analysis?

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Team,

Is your queries are clear now ?

Regards

Jetsy