08-15-2015 04:44 PM - edited 03-10-2019 06:26 AM
I have a Sourcefire implementation with FMC 5.4.1 and an ASA 5506-x running firepower 5.4.1. I have configured a file policy to inspect all files and have an access control rule that does cloud malware lookups, including sphero and dynamic lookups for unknown files.
In my file policy, I checked the option to store unknown files. However, when doing an analysis of files that come back with an unknown disposition, I am unable to download the files. Instead the link is greyed out, and I get a message stating ‘ File not stored, cannot download’.
Is this a limitation on the ASA 5506-x? Can I not store files on it? Thanks!!
On a side note, for files that are stored on the Firepower sensor hard drive. How long are they stored before they get deleted? Or are they just sored till they fill up the hard drive? How do you delete the captured files off the SSD drive?
08-15-2015 07:47 PM
I can't find the reference to confirm' but I seem to remember that is a limitation of the appliances that use local storage only and not an external FireSIGHT Management Center.
Re you side note, I'm not sure.
10-30-2015 11:39 AM
I have a simliar configuration and wondering the same thing. Hopefully someone can chime in.
04-06-2016 01:19 AM
Hi,
any resolution on that. I have the same problem on the similar setup.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide