# Sourcefire FireAMP Logs

## Overview

**Evidence:** Sourcefire FireAMP Logs\
**Description:** Collect Sourcefire FireAMP Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** srcfrmpl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Sourcefire FireAMP is the legacy version of Cisco AMP for Endpoints, providing advanced malware protection and continuous analysis. It maintains database files with threat detection data and endpoint activity logs.

## Data Collected

This collector gathers the Sourcefire FireAMP database files, which hold threat detection data and endpoint activity logs.

## Collection Method

This collector gathers Sourcefire FireAMP database files from the legacy Program Files installation directory, containing historical threat detection and endpoint monitoring data.
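For analysts who need to acquire the same files by hand (for example on a host where the collector cannot run), the following PowerShell script is an added example and not the collector's own code. It copies every file under the FireAMP installation directory into an evidence folder and writes a SHA-256 manifest so the copies can be verified later. The source path is an assumption: the page only says "legacy Program Files installation directory", so the default below is a placeholder that must be replaced with the actual path on the host.

```powershell
# Added example: manual acquisition of the FireAMP database files with a hash manifest.
# $SourceDir default is a PLACEHOLDER (assumption); the page does not give the exact path.
param(
    [string]$SourceDir = 'C:\Program Files\<FireAMP install dir>',
    [string]$OutputDir = "$env:SystemDrive\Evidence\srcfrmpl"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SourceDir)) {
    Write-Error "Source directory not found: $SourceDir"
}

# Normalise the root so relative paths in the manifest are stable.
$root = (Resolve-Path -LiteralPath $SourceDir).ProviderPath.TrimEnd('\')
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
$manifest = Join-Path $OutputDir 'manifest.csv'

Get-ChildItem -LiteralPath $root -File -Recurse | ForEach-Object {
    $relative = $_.FullName.Substring($root.Length).TrimStart('\')
    $dest     = Join-Path $OutputDir $relative
    New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null

    # One manifest row per file; filled in below.
    $row = [ordered]@{
        RelativePath = $relative
        SizeBytes    = $_.Length
        LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
        Sha256       = ''
        CopyVerified = $false
        Error        = ''
    }

    try {
        Copy-Item -LiteralPath $_.FullName -Destination $dest
        # Hash source and copy independently; a mismatch means the file changed
        # (or was locked/partially written) while it was being acquired.
        $srcHash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        $row.Sha256       = $srcHash
        $row.CopyVerified = ($srcHash -eq $dstHash)
    } catch {
        # Database files held open by a running agent may refuse to copy;
        # record the failure in the manifest instead of aborting the whole run.
        $row.Error = $_.Exception.Message
    }

    [pscustomobject]$row
} | Export-Csv -LiteralPath $manifest -NoTypeInformation -Encoding UTF8

Write-Host "Collection complete; manifest written to $manifest"
```

Run it from an elevated prompt, since Program Files subdirectories are normally not readable by a standard user. Rows with `CopyVerified` false or a non-empty `Error` column identify files that were locked or changing while the agent was running; those are the ones to re-acquire with the service stopped or from a forensic image rather than trust as-is.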

## Forensic Value

Sourcefire FireAMP databases provide legacy advanced malware detection data, file trajectory information, and retrospective analysis capabilities. They're valuable for investigating historical security incidents in environments with older Cisco security deployments.
