Smart Vision is a feature of FireEye Network Security that allows you to see post exploitation activity occurring between hosts in internal and private networks or on servers. This activity is displayed on the appliance a smart visual arts Smart Vision detection is enabled by default on most network security sensors and integrated appliances and does not require an additional license. Let’s look at the settings of the Smart Vision configuration page on the data exfiltration tab the enabled checkbox is selected which means that the appliance will detect data theft activity and alert on it.
The appliance monitors the egress traffic from the host specified in the home network list the appliance builds and egress traffic profile for each host specified in its home network. If a host significantly deviates from its baseline traffic profile the appliance generates a data exfiltration or. You can also wireless networks that you do not want monitored here as well. Now let’s take a look at the settings available on the Smart Vision alert configuration tab. Again Smart Vision alerts are enabled by default contact service is also enabled. This means that as the appliance monitors traffic it will also archive an index metadata for Layer 4 and Layer 7 activity as it observes. So when you’re viewing smart visual or details the appliance queries the archive for information about the attacking host other network activity. This contextually related data called related network activity can help you to understand a Smart Vision event and its base events. You also have the option of white listing rule I.D. and source IP combinations here as well.