Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
1452
Working with Discovery Events
Working with Discovery and Host Input Events
Chapter 35
LICENSE: FireSIGHT
The system generates discovery events that communicate the details of changes
in your monitored network segments. New events are generated for newly
discovered network features, and change events are generated for any change in
previously identified network assets.
During its initial network discovery phase, the system generates new events for
each host and any TCP or UDP servers discovered running on each host.
Optionally, you can configure the system to use data exported by
NetFlow-enabled devices to generate these new host and server events.
In addition, the system generates new events for each network, transport, and
application protocol running on each discovered host. When you create a
discovery rule configured to include NetFlow-enabled devices, you can disable
detection of application protocols. However, you cannot disable application
detection in discovery rules that do not use a configured NetFlow-enabled device.
If you enable host or user discovery in non-NetFlow discovery rules, applications
are automatically discovered.
Common Discovery Event Actions (Continued)

To ... navigate between pages in the current workflow, keeping the current constraints
You can ... click the appropriate page link at the top left of the workflow page. For more information, see

To ... delete items from the system, including:
• discovery and host input events from discovery event workflows
• hosts and network devices from host workflows
• host attributes from host attribute workflows
• servers from server workflows
• applications from application workflows
• third-party vulnerabilities from third-party vulnerability workflows
• users from user workflows
You can ... use one of the following methods:
• To delete some items, select the check boxes next to items you want to delete, then click Delete.
• To delete all items in the current constrained view, click Delete All, then confirm you want to delete all the items.
These items remain deleted until the system’s discovery function is restarted, when they may be detected again.
TIP! See page 2319 for information on deleting all discovery events from the database and also for information on how to restart discovery.
Note that you cannot delete Sourcefire (as opposed to third-party) vulnerabilities; you can, however, mark them reviewed. For more information, see

To ... navigate to other event views to view associated events
You can ... find more information in