Cisco Cisco Firepower Management Center 4000

To force manual conflict resolution of identity conflicts, select 

 from the 

 drop-down list.

To use the passive fingerprint when an identity conflict occurs, select 

from the 

 drop-down list.

To use the current identity from the highest priority active source when an identity conflict occurs, 
select 

 from the 

 drop-down list.

Admin/Discovery Admin

Click the edit icon (

) next to 

. 

The Edit Identity Conflict Settings pop-up window appears.

Update the settings as needed.

Click 

 to save the identity conflict settings and return to the 

 tab of the network discovery 

policy. 

You must apply the network discovery policy for your changes to take effect. For more 
information, see 

FireSIGHT

You can configure how the FireSIGHT System performs impact correlation with intrusion events.

Your options are as follows:

Select 

 if you want to use Cisco vulnerability information 

to perform impact correlation.

Select 

 if you want to use third-party vulnerability references to 

perform impact correlation. For more information, see 

 or the FireSIGHT System Host Input API Guide.

You can select either or both of the check boxes. If the system generates an intrusion event and the host 
involved in the event has servers or an operating system with vulnerabilities in the selected vulnerability 
mapping sets, the intrusion event is marked with the Vulnerable (level 1: red) impact icon. For any 
servers which do not have vendor or version information, note that you need to configure vulnerability 
mapping in the system policy. For more information, see 

If you clear both check boxes, intrusion events will never be marked with the Vulnerable (level 1: red) 
impact icon. For more information, see 

.

Admin/Discovery Admin

Click the edit icon (

) next to 

.