iDefense is a closed-source threat intelligence feed available to all Asset Manager customers. This feed correlates iDefense IPs against your network's IPs to produce actionable lists of zombie devices and threat flows in your network.

To use iDefense, you'll need the iDefense license key provided by Asset Manager. Look for this key in the original welcome email message you received from Asset Manager Support. If you can't find your iDefense key, please contact us.

To produce threat flow results, you'll need a single source of NetFlow data such as Gigamon NetFlow. Asset Manager can receive NetFlow from a single source. If you have multiple sources, consider using a NetFlow aggregator. You will also need to direct the NetFlow results to your Asset Manager Command Center. These topics are out of scope for Asset Manager documentation, but your Solutions Architect and Support can nevertheless help with implementation.

To show the zombie devices in your network, you do not need NetFlow data. This dashboard is generated using native Asset Manager-indexed data.

The iDefense feed is correlated against NetFlow data.  The intersection of the two populates the threat_feed_ip table. Browse to Settings > Tables > threat_feed_ip > View to open the table. 
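As an added illustration (not Asset Manager's or iDefense's own code), the following shows the kind of correlation described above: feed addresses intersected with flow records, grouped per internal host. The record layout, the internal range, and the sample addresses are assumptions constructed for this example and do not reflect the threat_feed_ip schema.

```python
import ipaddress
from collections import defaultdict

# Constructed feed entries (documentation ranges, not real indicators).
FEED = ["203.0.113.7", "198.51.100.0/28"]

# Constructed flow records: (src, dst, dst_port, bytes).
FLOWS = [
    ("10.0.0.5", "203.0.113.7", 443, 1200),
    ("10.0.0.5", "192.0.2.10", 80, 300),
    ("198.51.100.3", "10.0.0.9", 22, 4000),
    ("10.0.0.5", "203.0.113.7", 443, 800),
    ("10.0.0.8", "not-an-ip", 53, 10),  # malformed record, skipped
]

# Assumed internal address space for the monitored network.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]


def _parse(addr):
    """Return an ip_address object, or None for a malformed field."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def correlate(feed, flows, internal=INTERNAL):
    """Intersect feed entries with flows; aggregate per (host, threat, direction)."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in feed]
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, _port, nbytes in flows:
        s, d = _parse(src), _parse(dst)
        if s is None or d is None:
            continue
        # A flow matters when one end is internal and the other is in the feed.
        for local, remote, direction in ((s, d, "outbound"), (d, s, "inbound")):
            if any(local in n for n in internal) and any(remote in n for n in nets):
                key = (str(local), str(remote), direction)
                hits[key]["flows"] += 1
                hits[key]["bytes"] += nbytes
    return dict(hits)


if __name__ == "__main__":
    for key, stats in sorted(correlate(FEED, FLOWS).items()):
        print(key, stats)
```

Outbound matches (an internal host contacting a feed address) are usually the more urgent ones to triage, since they suggest the internal host initiated the traffic.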



To configure the feed:

  1. Enable the capture of NetFlow data.
  2. Configure and enable iDefense in Asset Manager.


Enable NetFlow

The NetFlow-capture service enables your Asset Manager Command Center to ingest NetFlow data.

To enable NetFlow capture from the Asset Manager GUI:

  1. On the Asset Manager main menu, browse to Settings > Support Tools > Status of Asset Manager Components.
  2. Start the NetFlow Packet Capture Service and click Run.

    The status of the service will change to Running.

To enable NetFlow capture from the Asset Manager command-line interface:

  1. Log in to the CLI.
  2. At the command-line prompt, enter support service packetcapture start.
  3. Exit the CLI.

Configure the iDefense feed as follows:

  1. On Asset Manager's main menu, browse to Settings > Integrations > iDefense.
  2. Enable the threat feed by moving the Active slider to the right.
  3. Input a Polling Interval to indicate the time that should elapse between fetching the latest feed data. Input 24 to poll daily, input 12 to poll twice a day, and so on.
  4. Input a license key from iDefense.
  5. Click Submit.






