| CA certificate bundles | Queries for new CA certificates at a daily system-defined time. The local CA bundle contains certificates to access several Cisco services. Requires Version 7.2.4. | Each peer downloads its own certificates. | cisco.com/security/pki |
| Malware defense | Secure Malware Analytics Cloud lookups. | Both peers perform lookups. | Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations |
|  | Download signature updates for file preclassification and local malware analysis. | Active peer downloads, syncs to standby. | updates.vrt.sourcefire.com<br>amp.updates.vrt.sourcefire.com |
|  | Query for dynamic analysis results. | Both peers query for dynamic analysis reports. | fmc.api.threatgrid.com<br>fmc.api.threatgrid.eu |
| Security intelligence | Download security intelligence feeds. | Active peer downloads, syncs to standby. | intelligence.sourcefire.com |
| URL filtering | Download URL category and reputation data. Manually query (look up) URL category and reputation data. Query for uncategorized URLs. | Active peer downloads, syncs to standby. | URLs:<br>IPv4 blocks: 146.112.62.0/24, 146.112.63.0/24, 146.112.255.0/24, 146.112.59.0/24<br>IPv6 blocks: 2a04:e4c7:ffff::/48, 2a04:e4c7:fffe::/48 |
| Secure Endpoint | Receive malware events detected by Secure Endpoint from the cloud. Display malware events detected by the system in Secure Endpoint. Use centralized file Block and Allow lists created in Secure Endpoint to override dispositions from the cloud. | Both peers receive events. You must also configure the cloud connection on both peers (configuration is not synced). | Required Server Addresses for Proper Cisco Secure Endpoint & Malware Analytics Operations |
| Cisco Smart Software Manager | Communicate with the Smart Software Manager. | Active peer communicates. | www.cisco.com<br>7.2.0–7.2.9: tools.cisco.com:443<br>7.2.10–7.2.x: smartreceiver.cisco.com |
| Cisco Success Network | Transmit usage information and statistics. | Active peer communicates. | api-sse.cisco.com:8989<br>dex.sse.itd.cisco.com<br>dex.eu.sse.itd.cisco.com |
| Cisco Support Diagnostics | Accepts authorized requests and transmits usage information and statistics. | Active peer communicates. | api-sse.cisco.com:8989 |
| Cisco XDR integration | Configure devices to send events to the Cisco Security Cloud. | Active peer communicates. | Cisco Secure Firewall Threat Defense and Cisco XDR Integration Guide |
| Time synchronization | Synchronize time in your deployment. Not supported with a proxy server. | Both peers communicate with the NTP server. | User configured |
| RSS feeds | Display the Cisco Threat Research Blog on the dashboard. | Both peers communicate. | blog.talosintelligence.com<br>blogs.cisco.com<br>feeds.feedburner.com |
| Upgrades | Download product (management center and device) upgrades. | Upgrade packages do not sync. | 7.2.0–7.2.5: support.sourcefire.com<br>7.2.6–7.2.x: cdo-ftd-images.s3-us-west-2.amazonaws.com |
| Intrusion rules | Download intrusion rules (SRU/LSP). | Active peer downloads, syncs to standby. | talosintelligence.com |
| Vulnerability database | Download VDB updates. | Active peer downloads, syncs to standby. | support.sourcefire.com |
| Geolocation database | Download GeoDB updates. | Active peer downloads, syncs to standby. | support.sourcefire.com |
| Whois | Request whois information for an external host. Not supported with a proxy server. | Any appliance requesting whois information must have internet access. | The whois client tries to guess the right server to query. If it cannot guess, it uses: |