Cisco Firepower Management Center 2000

FireSIGHT System User Guide
 
Chapter 40: Creating Traffic Profiles
Adding a Host Profile Qualification
License: FireSIGHT
You can constrain any traffic profile with information from the host profile of the tracked hosts. This constraint is called a host profile qualification. For example, as shown in the following graphic, you could collect connection data only for hosts that are assigned a host criticality of high.
To use a host profile qualification, the host must exist in the database and the host profile property you want to use as a qualification must already be included in the host profile. For example, if you configure a correlation policy rule to trigger when an intrusion event is generated on a host running Windows, the rule only triggers if the host is already identified as Windows when the intrusion event is generated.
To add a host profile qualification:
Access: Admin/Discovery Admin
Step 1
On the Create Profile page, click Add Host Profile Qualification.
The Host Profile Qualification section appears.
Step 2
Build the host profile qualification's conditions.
You can create a single, simple condition, or you can create more elaborate constructs by combining and nesting conditions. See  for information on building conditions.
The syntax you can use to build conditions is described in .
Tip
To remove a host profile qualification, click Remove Host Profile Qualification.
Table 40-1  Syntax for Profile Conditions (continued)

If you specify...            Select an operator, then...
Responder Port/ICMP Code     Type the port number or ICMP code.
Transport Protocol           Type TCP or UDP as the transport protocol.
Web Application              Select a web application name from the drop-down list of available web applications.
Web Application Category     Select a web application category name from the drop-down list of available categories.