Cisco Cisco Firepower Management Center 2000
37-21
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with User History in the Host Profile
Working with User History in the Host Profile
License:
FireSIGHT
The user history portion of the host profile provides a graphic representation of the last twenty-four
hours of user activity. A typical user logs off in the evening and may share the host resource with another
user. Periodic login requests, such as those made to check email, are indicated by short regular bars. A
list of user identities is provided with bar graphs to indicate when the user login was detected. Note that
for non-authoritative logins, the bar graph is gray.
hours of user activity. A typical user logs off in the evening and may share the host resource with another
user. Periodic login requests, such as those made to check email, are indicated by short regular bars. A
list of user identities is provided with bar graphs to indicate when the user login was detected. Note that
for non-authoritative logins, the bar graph is gray.
Note that the system does associate a non-authoritative user login to a host with an IP address of that
host, so the user does appear in the host’s user history. However, if an authoritative user login is detected
for the same host, the user associated with the authoritative user login takes over the association with the
host IP address, and new non-authoritative user logins do not disrupt that user association with the host
IP address. For more information on the types of users, see
host, so the user does appear in the host’s user history. However, if an authoritative user login is detected
for the same host, the user associated with the authoritative user login takes over the association with the
host IP address, and new non-authoritative user logins do not disrupt that user association with the host
IP address. For more information on the types of users, see
. If you configure
capture of failed logins in the network discovery policy, the list includes users that failed to log into the
host.
host.
Working with Host Attributes in the Host Profile
License:
FireSIGHT
You can use host attributes to classify hosts in ways that are important to your network environment.
Host attribute values can be positive integers, strings, or URLs. You can also create a list of string values
and assign them automatically based on host IP addresses. For information about creating and managing
user-defined host attributes, see
Host attribute values can be positive integers, strings, or URLs. You can also create a list of string values
and assign them automatically based on host IP addresses. For information about creating and managing
user-defined host attributes, see
.
The FireSIGHT System includes two predefined host attributes: Host Criticality and Notes. See
for information about working with these predefined
host attributes.
In addition, each compliance white list that you create automatically creates a host attribute with the
same name as the white list. Its possible values are Compliant (for hosts that are compliant with the white
list), Non-Compliant (for hosts that violate the white list), or Not Evaluated (for hosts that are not valid
targets of the white list or have not been evaluated for any reason). You cannot manually change the
value of a white list host attribute. For more information on white lists, see
same name as the white list. Its possible values are Compliant (for hosts that are compliant with the white
list), Non-Compliant (for hosts that violate the white list), or Not Evaluated (for hosts that are not valid
targets of the white list or have not been evaluated for any reason). You cannot manually change the
value of a white list host attribute. For more information on white lists, see
.
Assigning Host Attribute Values
License:
FireSIGHT
You can specify positive integers, strings, or URLs as values for existing host attributes.
Tip
You can quickly assign host attributes for a host by clicking the
Edit
link in the
Attributes
section of the
host profile page. This launches a pop-up window containing fields for all the host attributes.
To assign a host attribute value:
Access:
Admin/Any Security Analyst
Step 1
Open a host profile.