Cisco FirePOWER Appliance 7115

Version 5.3
Sourcefire 3D System User Guide
1662
Creating Traffic Profiles
Adding a Host Profile Qualification
Chapter 38
2. Build the host profile qualification’s conditions.
You can create a single, simple condition, or you can create more elaborate 
constructs by combining and nesting conditions. See 
 on page 1668 for information on building 
conditions.
The syntax you can use to build conditions is described in 
TIP!
To remove a host profile qualification, click Remove Host Profile 
Qualification.
Syntax for Host Profile Qualifications
LICENSE: FireSIGHT
When you build a host profile qualification condition, you must first select the 
host you want to use to constrain your traffic profile. You can select either 
Responder Host or Initiator Host. After you select the host role, continue building 
your host profile qualification condition, as described in the 
Although you can configure the network discovery policy to add hosts to the 
network map based on data exported by NetFlow-enabled devices, the available 
information about these hosts is limited. For example, there is no operating 
system data available for these hosts, unless you provide it using the host input 
feature. In addition, if your traffic profile uses connection data exported by 
NetFlow-enabled devices, keep in mind that NetFlow records do not contain 
information about which host in the connection is the initiator and which is the 
responder. When the system processes NetFlow records, it uses an algorithm to 
determine this information based on the ports each host is using, and whether 
those ports are well-known. For more information, se
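
The NetFlow caveat above, as an added example that is not from the Sourcefire guide and is not Cisco's algorithm: a simplified port-based role heuristic showing where direction guessed from ports alone is unreliable. The 1-1023 well-known range, the lower-port tie-break, and the names `FlowRecord`, `infer_roles` and `needs_review` are assumptions made for illustration.

```python
from dataclasses import dataclass

WELL_KNOWN_MAX = 1023  # assumption: "well-known" means ports 1-1023


@dataclass(frozen=True)
class FlowRecord:
    """Constructed stand-in for one NetFlow record (no direction field)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def infer_roles(flow: FlowRecord) -> dict:
    """Guess initiator/responder from ports alone and grade the guess."""
    a, b = (flow.src_ip, flow.src_port), (flow.dst_ip, flow.dst_port)
    a_wk = 1 <= a[1] <= WELL_KNOWN_MAX
    b_wk = 1 <= b[1] <= WELL_KNOWN_MAX
    if a_wk != b_wk:
        # Exactly one side uses a well-known port: treat it as the responder.
        responder, initiator = (a, b) if a_wk else (b, a)
        confidence = "high"
    elif a[1] == b[1]:
        # Identical ports carry no direction information at all.
        responder, initiator, confidence = b, a, "none"
    else:
        # Both or neither well-known: assumed tie-break, lower port responds.
        responder, initiator = (a, b) if a[1] < b[1] else (b, a)
        confidence = "low"
    return {"initiator": initiator[0], "responder": responder[0], "confidence": confidence}


# Constructed sample records using documentation address ranges.
SAMPLE_FLOWS = [
    FlowRecord("192.0.2.10", 51514, "198.51.100.5", 443),  # client to HTTPS server
    FlowRecord("198.51.100.5", 443, "192.0.2.10", 51514),  # return half, same session
    FlowRecord("192.0.2.10", 32768, "192.0.2.20", 50000),  # service really on 50000
    FlowRecord("192.0.2.30", 123, "192.0.2.31", 123),      # symmetric ports
]


def needs_review(flows):
    """Flows whose inferred roles should not drive a host qualification unverified."""
    return [f for f in flows if infer_roles(f)["confidence"] != "high"]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, infer_roles(f))
```

Under this heuristic the third sample labels the client as the responder, so a Responder Host qualification would be evaluated against the wrong host.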
To match against implied or generic clients, create a host profile qualification 
based on the application protocol used by the server responding to the client. 
When the client list on a host that acts as the initiator or source of a connection 
includes an application protocol name followed by client, that client may actually 
be an implied client. In other words, the system reports that client based on 
server response traffic that uses the application protocol for that client, not on 
detected client traffic. 
For example, if the system reports HTTPS client as a client on a host, create a host 
profile qualification for Responder Host where Application Protocol is set to HTTPS