Sourcefire FireAMP Logs
Overview
Evidence: Sourcefire FireAMP Logs
Description: Collect Sourcefire FireAMP Logs
Category: Applications
Platform: windows
Short Name: srcfrmpl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Sourcefire FireAMP is the legacy version of Cisco AMP for Endpoints, providing advanced malware protection and continuous analysis. It maintains database files with threat detection data and endpoint activity logs.
Data Collected
This collector gathers structured data about Sourcefire FireAMP logs.
Collection Method
This collector gathers Sourcefire FireAMP database files from the legacy Program Files installation directory, containing historical threat detection and endpoint monitoring data.
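The following PowerShell script is an added illustration of the collection step described above; it is not the collector's own code. It copies FireAMP data files out of the install directory while preserving their relative layout and writes a SHA-256 manifest for chain of custody. The install path in $SourceDir is an assumed placeholder (the page only says "the legacy Program Files installation directory"), and the file-extension list is an assumption about which files are worth taking; adjust both for the host being examined.

```powershell
# Added example (not the collector's own code): copy Sourcefire FireAMP data files
# from the legacy install directory and record a SHA-256 manifest for chain of custody.
# $SourceDir is an assumed placeholder path; verify it on the host being examined.
param(
    [string]   $SourceDir  = 'C:\Program Files\Sourcefire\fireAMP',
    [string]   $OutDir     = "$env:TEMP\srcfrmpl_$(Get-Date -Format 'yyyyMMddHHmmss')",
    [string[]] $Extensions = @('.db', '.db-wal', '.db-shm', '.db-journal', '.log')  # assumed set
)

if (-not (Test-Path -LiteralPath $SourceDir)) {
    Write-Warning "FireAMP directory not found: $SourceDir (no legacy install, or a different path)"
    return
}

$dataDir = Join-Path $OutDir 'files'
New-Item -ItemType Directory -Path $dataDir -Force | Out-Null

$manifest = foreach ($file in Get-ChildItem -LiteralPath $SourceDir -Recurse -File |
                     Where-Object { $_.Extension -in $Extensions }) {

    # Preserve the relative layout so SQLite sidecar files (-wal, -shm) stay next to their database.
    $relative = $file.FullName.Substring($SourceDir.TrimEnd('\').Length).TrimStart('\')
    $dest     = Join-Path $dataDir $relative
    New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null

    $entry = [ordered]@{
        Source           = $file.FullName
        Destination      = $dest
        SizeBytes        = $file.Length
        LastWriteTimeUtc = $file.LastWriteTimeUtc.ToString('o')
        Sha256           = $null
        Error            = $null
    }
    try {
        Copy-Item -LiteralPath $file.FullName -Destination $dest -ErrorAction Stop
        # Hash the source, not the copy, so the manifest attests to what was on disk.
        $entry.Sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
    catch {
        # A database held open by the agent may refuse a plain copy; record it rather than abort.
        $entry.Error = $_.Exception.Message
    }
    [pscustomobject]$entry
}

$manifest | ConvertTo-Json -Depth 3 |
    Set-Content -LiteralPath (Join-Path $OutDir 'manifest.json') -Encoding UTF8
Write-Output "Collected $(@($manifest | Where-Object { -not $_.Error }).Count) file(s) into $OutDir"
```

Run it from an elevated prompt, since the Program Files tree and any open database handles are not readable by a standard user. Entries with a non-empty Error field are the files a plain copy could not take (typically a database still open by the agent); those are the ones to retrieve with a raw-disk or volume-shadow read instead, and the manifest makes that gap visible rather than silent.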
Forensic Value
Sourcefire FireAMP databases provide legacy advanced malware detection data, file trajectory information, and retrospective analysis capabilities. They’re valuable for investigating historical security incidents in environments with older Cisco security deployments.