Tag Archives: cisco

Resetting admin password on Cisco Sourcefire module

If we forgot a password for the user admin on our SFR module, we will find ourselves in a problem, sooner or later. We don’t have to know this password in a regular operations, but for troubleshooting purposes, we cannot … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, Security, Sourcefire | Tagged , , , , | Leave a comment

Packet capture with Sourcefire CLI

This one will be short 🙂 If we need for some reason to do a packet capture on Cisco Sourcefire/Firepower we can do that from the CLI. Let’s say that we have issues in communication from IP 10.0.0.3 to Google … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , | Leave a comment

Sourcefire Correlation Policy – Compliance White Lists

We should have in mind that the Sourcefire is not by any means a SIEM solution. This correlation thing is most powerful weapon of SIEMs, but with Sourcefire we have the also some capability to correlate different events. The main … Continue reading

Posted in ASA, Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , , | 7 Comments

Fixing “Error fetching groups” After Upgrade Sourcefire to 6.0

We have just upgraded Sourcefire to 6.0. Did everything go smooth? Well, almost. Some users (me included) are having issues fetching users and groups from Active Directory realm. The error is: Error fetching groups. Please check your directory configuration and … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | Tagged , , , | Leave a comment

Upgrade Cisco Sourcefire to 6.0

Just a few days after we have upgraded our Sourcefire infrastructure to 5.4, Cisco released the 6.0 version. Before we do an upgrade, first let’s briefly check out what do we get with this major release: SSL Traffic inspection DNS-based … Continue reading

Posted in Cisco, FirePOWER, FireSight, Firewall, IPS, Security, Sourcefire | Tagged , , , , , | 19 Comments

Installing Custom Certificate on FireSight Defense Center

We are using Cisco FirePOWER services for quite some time and we are almost gurus. But one thing keeps annoying us every day: a certificate warning when we access web interface of our Defense Center (DC): This happens because the … Continue reading

Posted in Cisco, FirePOWER, FireSight, IPS, Security, Sourcefire | Tagged , , , | Leave a comment

Sourcefire Fighting False Positives

One important thing when dealing with IPS is fighting False Positives. A false positive is not solely an IPS term, and I think it’s adopted from medicine. For example, when our MD is checking our blood for presence of some … Continue reading

Posted in Cisco, FirePOWER, IPS, Security, Sourcefire | Tagged , , , | 1 Comment