Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 35

Introduction to Network Discovery
The FireSIGHT System uses a feature called network discovery to monitor traffic on your network and build a comprehensive map of your network assets.

As managed devices passively observe traffic on the network segments you specify, the system compares specific packet header values and other unique data from network traffic against established definitions (called fingerprints) to determine the number and types of hosts (including network devices) on your network, as well as the operating systems, active applications, and open ports on those hosts.
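To make the passive fingerprinting idea concrete, here is a small added example (not Cisco's code, and the fingerprint table and packet records are constructed for illustration, not real FireSIGHT definitions or captured traffic). It compares observed IP TTL and TCP window values against a signature table, infers an OS guess from a host's SYN packets, and records a port as open when the host answers with a SYN-ACK.

```python
from collections import defaultdict

# Constructed fingerprint definitions: (initial TTL, TCP window, label).
# These are illustrative only, not the system's real fingerprints.
FINGERPRINTS = [
    (64, 29200, "Linux (constructed signature)"),
    (64, 65535, "BSD/macOS (constructed signature)"),
    (128, 8192, "Windows (constructed signature)"),
    (128, 65535, "Windows (constructed signature)"),
]

def initial_ttl(observed_ttl):
    """Infer the sender's initial TTL; each router hop decrements the observed value."""
    for candidate in (32, 64, 128, 255):
        if observed_ttl <= candidate:
            return candidate
    return None

def match_fingerprint(ttl, window):
    """Return the OS label whose (initial TTL, window) signature matches, or None."""
    ittl = initial_ttl(ttl)
    for sig_ttl, sig_win, label in FINGERPRINTS:
        if sig_ttl == ittl and sig_win == window:
            return label
    return None

def discover(packets):
    """Build a host map from passively observed packet-header records.

    Each packet is a dict with src, dst, ttl, window, sport, dport, flags.
    A SYN from a host yields an OS guess; a SYN-ACK from a host marks the
    host's source port as open, because a service answered on it.
    """
    hosts = defaultdict(lambda: {"os": None, "open_ports": set()})
    for p in packets:
        host = hosts[p["src"]]
        hosts[p["dst"]]  # register the peer as a known host too
        if p["flags"] == "S" and host["os"] is None:
            host["os"] = match_fingerprint(p["ttl"], p["window"])
        elif p["flags"] == "SA":
            host["open_ports"].add(p["sport"])
    return dict(hosts)

# Constructed sample traffic (not captured data): a client, a server, and a web host.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "ttl": 63, "window": 29200, "sport": 51000, "dport": 22, "flags": "S"},
    {"src": "10.0.0.20", "dst": "10.0.0.5", "ttl": 127, "window": 8192, "sport": 22, "dport": 51000, "flags": "SA"},
    {"src": "10.0.0.20", "dst": "10.0.0.9", "ttl": 128, "window": 8192, "sport": 49700, "dport": 443, "flags": "S"},
    {"src": "10.0.0.9", "dst": "10.0.0.20", "ttl": 255, "window": 65535, "sport": 443, "dport": 49700, "flags": "SA"},
]
```

Running `discover(SAMPLE_PACKETS)` yields three hosts: 10.0.0.5 fingerprinted as Linux with no open ports, 10.0.0.20 as Windows with port 22 open, and 10.0.0.9 with port 443 open but no OS guess, since it never sent a SYN that could be matched.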
You can also configure Cisco managed devices to monitor user activity on your network, which allows you to identify the source of policy breaches, attacks, or network vulnerabilities.

To supplement the data gathered by the system, you can import records generated by NetFlow-enabled devices, Nmap active scans, the Cisco host input feature, and User Agents that reside on a Microsoft Active Directory server and report LDAP authentications. The FireSIGHT System integrates these records with the information it collects via direct network traffic observation by managed devices.

The system can correlate certain types of intrusion, malware, and other events occurring on hosts on your network to determine when hosts are potentially compromised, tagging those hosts with indications of compromise (IOC) tags. IOC data can give you a clear, direct picture of the threats to your monitored network as they relate to its hosts.

The system uses all of this information to help you with forensic analysis, behavioral profiling, access control, and mitigating and responding to the vulnerabilities and exploits to which your organization is susceptible.
For more information, see:
Understanding Discovery Data Collection
License: FireSIGHT

Discovery data includes information on your network’s hosts and the operating systems, active applications, and user activity on those hosts.