Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
To add a discovery rule:
Access: Admin/Discovery Admin
Step 1
Check your access control policies to ensure that you are logging connections as needed for the traffic where you want to discover network data. For more information, see and . To discover the most data, log at the end of the connection for traffic you want to discover.
Step 2
Select Policies > Network Discovery.
The Network Discovery Policy page appears.
Step 3
Click Add Rule.
The Add Rule pop-up window appears.
Step 4
You have two options:
• If you plan to use the rule to monitor NetFlow traffic, within the Add Rule pop-up window, click NetFlow Device. The NetFlow Device page appears. Note that the NetFlow page is available only if you have added a NetFlow device to the discovery policy. For more information, see .
• If you plan to use the rule to monitor managed devices, skip to step . For more information, see and .
Step 5
Select the IP address for the NetFlow device you want to use from the drop-down list.
Step 6
Set the action for the rule:
• To exclude all traffic that matches the rule from network discovery, select Exclude. Note that the Port Exclusions tab is disabled when you select this rule action.
• To discover the selected types of data in traffic that matches the rule, select Discovery and select or clear the appropriate data type check boxes. If monitoring managed device traffic, application logging is required. If monitoring users, host logging is required. If monitoring NetFlow traffic, note that you cannot log users and that logging applications is optional.
• If monitoring NetFlow traffic, to use the rule to log connections in NetFlow traffic, select Log NetFlow Connections. Note that this option only appears after you have selected a NetFlow device in the rule.
Note
The system detects connections in NetFlow traffic based on network discovery policy settings. Connection logging in managed device traffic is configured in the access control policy. For more information, see .
For more information on rule actions and discovery of assets, see .
Step 7
Every discovery rule must include at least one network. Optionally, to restrict the rule action to specific networks, click the Networks tab, select a network from the Available Networks list, and click Add, or type the network below the Networks list and click Add.
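The constraints in Steps 6 and 7 (Exclude disables port exclusions, managed-device rules need application logging, user logging needs host logging, NetFlow rules cannot log users, Log NetFlow Connections needs a NetFlow device, every rule needs a network) are easy to get wrong when preparing many rules at once. The following is an added example, not Cisco code or a FireSIGHT API: a small checker that encodes those rules against a constructed rule record so misconfigured rules are caught before they are entered in the policy. The DiscoveryRule fields and sample values are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed representation of one discovery rule, mirroring the choices made
# in the Add Rule pop-up window. Field names are assumptions, not Cisco's.
@dataclass
class DiscoveryRule:
    action: str                              # "Exclude" or "Discovery"
    netflow_device: Optional[str] = None     # NetFlow device IP; None = managed devices
    log_hosts: bool = False
    log_users: bool = False
    log_applications: bool = False
    log_netflow_connections: bool = False
    networks: List[str] = field(default_factory=list)
    port_exclusions: List[int] = field(default_factory=list)

def validate_rule(rule: DiscoveryRule) -> List[str]:
    """Return the list of constraint violations; an empty list means the rule is consistent."""
    problems: List[str] = []
    if rule.action not in ("Exclude", "Discovery"):
        problems.append(f"unknown action {rule.action!r}")
    # Step 7: every discovery rule must include at least one network.
    if not rule.networks:
        problems.append("rule must include at least one network")
    # Step 6: the Port Exclusions tab is disabled for the Exclude action.
    if rule.action == "Exclude" and rule.port_exclusions:
        problems.append("port exclusions are disabled for Exclude rules")
    if rule.action == "Discovery":
        if rule.netflow_device is None and not rule.log_applications:
            problems.append("managed device traffic requires application logging")
        if rule.netflow_device is not None and rule.log_users:
            problems.append("NetFlow traffic cannot log users")
        if rule.log_users and not rule.log_hosts:
            problems.append("monitoring users requires host logging")
    # Log NetFlow Connections only appears once a NetFlow device is selected.
    if rule.log_netflow_connections and rule.netflow_device is None:
        problems.append("Log NetFlow Connections requires a NetFlow device")
    return problems

# Constructed sample rules: one valid managed-device rule, one invalid NetFlow rule.
SAMPLE_RULES = [
    DiscoveryRule("Discovery", log_hosts=True, log_users=True, log_applications=True,
                  networks=["10.0.0.0/8"]),
    DiscoveryRule("Discovery", netflow_device="192.0.2.10", log_hosts=True, log_users=True,
                  log_netflow_connections=True, networks=["198.51.100.0/24"]),
]

if __name__ == "__main__":
    for i, r in enumerate(SAMPLE_RULES, 1):
        print(f"rule {i}: {validate_rule(r) or 'ok'}")
```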