Sourcefire FireAMP Logs
Overview
Evidence: Sourcefire FireAMP Logs
Description: Collect Sourcefire FireAMP Logs
Category: Applications
Platform: windows
Short Name: srcfrmpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Sourcefire FireAMP is the legacy version of Cisco AMP for Endpoints, providing advanced malware protection and continuous analysis. It maintains database files with threat detection data and endpoint activity logs.
Data Collected
This collector gathers the Sourcefire FireAMP database files that hold threat detection records and endpoint activity logs. The files are collected as-is and are not parsed by the collector (Is Parsed: No), so their contents must be reviewed with an external tool.
Collection Method
This collector copies the Sourcefire FireAMP database files from the legacy FireAMP installation directory under Program Files. These files contain historical threat detection and endpoint monitoring data.
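The collection step above amounts to a file copy with integrity bookkeeping. The following is an added example of that procedure written for this page; it is not the collector's own code and it does not know the real FireAMP file layout. The source directory is a hypothetical path supplied by the caller, every regular file under it is copied with timestamps preserved, each copy is verified against a SHA-256 of the original, and the result is written to a manifest. A file that cannot be read (for instance one still held open by a running FireAMP service) is recorded in the manifest as an error instead of aborting the run.

```python
"""Added example (not part of the original page or the collector itself):
copy every file under a legacy install directory with hash verification."""
import hashlib
import json
import os
import shutil
import time
from pathlib import Path

# Hypothetical default location of a legacy FireAMP install; an assumption
# for illustration, not a path taken from the page.
DEFAULT_SOURCE = Path(r"C:\Program Files\Sourcefire\fireAMP")


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large databases are not read at once."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def collect_files(source: Path, dest: Path) -> dict:
    """Copy all regular files under `source` into `dest/files`, keeping the
    relative layout, and return (and write) a manifest describing each copy."""
    source = Path(source)
    dest = Path(dest)
    files_root = dest / "files"
    files_root.mkdir(parents=True, exist_ok=True)

    manifest = {
        "source": str(source),
        "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "files": [],
    }

    # Sort by relative POSIX path so the manifest order is stable across runs.
    candidates = sorted(
        (p for p in source.rglob("*") if p.is_file()),
        key=lambda p: p.relative_to(source).as_posix(),
    )

    for path in candidates:
        rel = path.relative_to(source)
        entry = {"path": rel.as_posix()}
        target = files_root / rel
        try:
            stat = path.stat()
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # copy2 preserves the modification time
            original_hash = sha256_file(path)
            entry.update({
                "size": stat.st_size,
                "mtime": stat.st_mtime,
                "sha256": original_hash,
                # Hash the copy too so a truncated or altered copy is caught.
                "copy_verified": sha256_file(target) == original_hash,
            })
        except OSError as exc:
            # A locked or unreadable file (e.g. held open by a running
            # service) is recorded, not fatal; the rest of the tree is still collected.
            entry["error"] = f"{type(exc).__name__}: {exc}"
        manifest["files"].append(entry)

    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    result = collect_files(DEFAULT_SOURCE, Path("fireamp_collection"))
    print(json.dumps(result, indent=2))
```

When run with the real installation path, the manifest gives the hashes needed to tie the copied databases back to the host; any entry carrying an `error` key should be retried after the FireAMP service is stopped or from an offline image.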
Forensic Value
Sourcefire FireAMP databases provide legacy advanced malware detection data, file trajectory information, and retrospective analysis capabilities. They are valuable for investigating historical security incidents in environments with older Cisco security deployments, where the endpoint records may predate any later AMP for Endpoints telemetry.