Cisco Cisco FirePOWER Appliance 7020
38-26
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Host Attributes
•
Click
Save as New Search
to save the search criteria. The search is saved (and associated with your
user account if you selected
Save As Private
), so that you can run it at a later time.
Working with Host Attributes
License:
FireSIGHT
The FireSIGHT System collects information about the hosts it detects and uses that information to build
host profiles. However, there may be additional information about the hosts on your network that you
want to provide to your analysts. You can add notes to a host profile, set the business criticality of a host,
or provide any other information that you choose. Each piece of information is called a host attribute.
host profiles. However, there may be additional information about the hosts on your network that you
want to provide to your analysts. You can add notes to a host profile, set the business criticality of a host,
or provide any other information that you choose. Each piece of information is called a host attribute.
You can use host attributes in host profile qualifications, which constrain the data you collect while
building a traffic profile, and also can limit the conditions under which you want to trigger a correlation
rule. You can also set attribute values in response to a correlation rule.
building a traffic profile, and also can limit the conditions under which you want to trigger a correlation
rule. You can also set attribute values in response to a correlation rule.
For more information, see:
•
•
•
•
•
Viewing Host Attributes
License:
FireSIGHT
You can use the Defense Center to view a table of hosts detected by the system, along with their host
attributes. Then, you can manipulate the view depending on the information you are looking for.
attributes. Then, you can manipulate the view depending on the information you are looking for.
The page you see when you access host attributes differs depending on the workflow you use. You can
use the predefined workflow, which includes a table view of host attributes that lists all detected hosts
and their attributes, and terminates in a host view page, which contains a host profile for every host that
meets your constraints.
use the predefined workflow, which includes a table view of host attributes that lists all detected hosts
and their attributes, and terminates in a host view page, which contains a host profile for every host that
meets your constraints.
You can also create a custom workflow that displays only the information that matches your specific
needs. For information on creating a custom workflow, see
needs. For information on creating a custom workflow, see
.
The
below describes some of the specific actions you can perform on a host
attributes workflow page. You can also perform the tasks described in the
Table 38-6
Host Attribute Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
assign a host attribute to selected
hosts
hosts
find more information in