Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 35      Introduction to Network Discovery 
  Understanding Discovery Data Collection
As shown in the diagram, there are three sources for user data, and three places that data is stored. For 
more information on user data collection, see:
Managed Devices
License: FireSIGHT
You use the network discovery policy to configure managed devices to passively detect LDAP, AIM, 
POP3, IMAP, Oracle, SIP (VoIP), and SMTP logins on the networks you specify. Note that when you 
enable discovery of users in a network discovery rule, host discovery is automatically enabled.
Note
Managed devices interpret only Kerberos logins for LDAP connections as LDAP authentications. 
Managed devices cannot detect encrypted LDAP authentications using protocols such as SSL or TLS.
When a device detects a login, it sends the following information to the Defense Center to be logged as 
user activity:
  • the user name identified in the login
  • the time of the login
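
The following sketch is an added example, not code from the guide or from Cisco: it shows how a passive sensor can turn cleartext POP3, IMAP, and SMTP login commands into user-activity records carrying the user name and login time, and why a session that upgrades to TLS yields no record. The event tuple layout, function names, and sample traffic are constructed for illustration, and treating STARTTLS/STLS sessions as unreadable is an assumption generalized from the note on encrypted LDAP above.

```python
import base64
import re
from datetime import datetime, timezone

# Client-to-server login commands for three of the cleartext protocols listed above.
POP3_USER = re.compile(r"^USER (\S+)$", re.I)
IMAP_LOGIN = re.compile(r"^\S+ LOGIN (\S+) \S+$", re.I)
SMTP_AUTH_PLAIN = re.compile(r"^AUTH PLAIN (\S+)$", re.I)
TLS_UPGRADE = re.compile(r"^(?:\S+ )?(?:STARTTLS|STLS)$", re.I)

def user_from_line(proto, line):
    """Return the user name in a login command, or None. Passwords are never kept."""
    if proto == "POP3" and (m := POP3_USER.match(line)):
        return m.group(1)
    if proto == "IMAP" and (m := IMAP_LOGIN.match(line)):
        return m.group(1).strip('"')
    if proto == "SMTP" and (m := SMTP_AUTH_PLAIN.match(line)):
        # SASL PLAIN is base64(authzid NUL authcid NUL password); keep authcid only.
        try:
            parts = base64.b64decode(m.group(1), validate=True).split(b"\0")
        except ValueError:
            return None
        return parts[1].decode("utf-8", "replace") if len(parts) == 3 else None
    return None

def detect_logins(events):
    """events: (epoch_seconds, session_id, proto, client_line) in capture order.
    Returns (records, opaque): logged logins and sessions hidden by a TLS upgrade."""
    records, opaque = [], set()
    for ts, sid, proto, line in events:
        if sid in opaque:
            continue  # payload after the upgrade is ciphertext to a passive sensor
        if TLS_UPGRADE.match(line):
            opaque.add(sid)
            continue
        user = user_from_line(proto, line)
        if user:
            when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
            records.append({"user": user, "time": when, "protocol": proto})
    return records, opaque

# Constructed sample traffic (hypothetical users and sessions, not from the guide).
SAMPLE = [
    (1700000000, "s1", "POP3", "USER alice"),
    (1700000001, "s1", "POP3", "PASS example-password"),
    (1700000010, "s2", "IMAP", "a1 LOGIN bob example-password"),
    (1700000020, "s3", "SMTP",
     "AUTH PLAIN " + base64.b64encode(b"\0carol\0example-password").decode()),
    (1700000030, "s4", "IMAP", "a1 STARTTLS"),
    (1700000031, "s4", "IMAP", "\x17\x03\x03\x00\x20"),  # stand-in for TLS record bytes
]
```

The set of opaque sessions is the coverage gap to track: logins in those sessions never appear as user activity, so user discovery for them has to come from another source.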