Cisco Cisco Firepower Management Center 4000

The FireSIGHT System passively collects traffic traveling over the network, decodes the data, and then 
compares it to established operating system and fingerprints. From this information, the system builds a 
network map, which is a detailed representation of your network. 

The network map allows you to use the Defense Center to view your network topology in terms of hosts 
and network devices (bridges, routers, NAT devices, and load balancers). It is a useful tool for a quick, 
overall view of your network. The network map also allows you to drill down on associated host 
attributes, applications, clients, indications of compromised hosts, and vulnerabilities. In other words, 
you can select different views of the network map to suit the analysis you perform.

You can augment the information your system collects by adding operating system, application, client, 
protocol, or host attribute information from a third-party application using the host input feature. You 
can also actively scan hosts in the network map using Nmap and add the scan results to your network 
map.

You can use the custom topology feature to help you organize and identify subnets in the views of the 
network map. For example, if each department in your organization uses a different subnet, you can 
assign familiar labels to those subnets using the custom topology feature.

For more information, see the following sections:

FireSIGHT

Each view of the network map has the same format: a hierarchical tree with expandable categories and 
sub-categories. When you click a category, it expands to show you the sub-categories beneath it. You can 
select different views of the network map depending on the kind of analysis you are performing.