1
00:00:00,330 --> 00:00:08,190
Retrospective events take place when there is a change in a prior event with Firepower.

2
00:00:08,190 --> 00:00:15,120
If the system learns that a file's malware disposition has changed, these are called retrospective

3
00:00:15,120 --> 00:00:24,030
malware events. A file disposition is the status of a file after it has been analyzed by Cisco's cloud

4
00:00:24,120 --> 00:00:33,250
database, so a file's disposition could be unknown initially, but later on, as the cloud learns more about

5
00:00:33,250 --> 00:00:41,440
the file, it could determine that it was actually a bad file and trigger a retrospective event that would

6
00:00:41,440 --> 00:00:46,820
consider the file malicious and block any future transfers for that file.

7
00:00:48,960 --> 00:00:56,160
Now I'll hop into a Firepower Management Center to show you where you can look at retrospective file

8
00:00:56,160 --> 00:00:58,590
events.

9
00:00:58,610 --> 00:01:01,220
So here I am in the Firepower Management Center.

10
00:01:01,490 --> 00:01:09,800
If you go to Analysis > Files > Network File Trajectory, it shows you files that have the disposition

11
00:01:09,830 --> 00:01:11,190
of malware.

12
00:01:11,210 --> 00:01:15,430
So just click on one of these files.

13
00:01:15,550 --> 00:01:21,960
So for a retrospective event, the trajectory would show that a file so the network was transferred between

14
00:01:21,960 --> 00:01:29,930
hosts, and at the beginning of the file trajectory history the file would actually show as known or clean.

15
00:01:29,930 --> 00:01:37,660
And if the cloud determined that the file was malicious after the file was actually on the network, it

16
00:01:37,660 --> 00:01:44,050
would sign a retrospective event, which would be shown by the symbol in the trajectory, letting you know

17
00:01:44,050 --> 00:01:50,410
that the file initially wasn't considered to be malicious but then was due to further analysis.