Cisco Cisco Firepower Management Center 4000
36-3
FireSIGHT System User Guide
Chapter 36 Using the Network Map
Working with the Network Devices Network Map
You can delete entire networks, subnets, or individual hosts from the hosts network map. For example,
if you know that a host is no longer attached to your network, you can delete it from the network map to
simplify your analysis. If the system afterwards detects activity associated with the deleted host, it
re-adds the host to the network map. If you want to permanently exclude a host or subnet from the
network map, modify the network discovery policy. See
if you know that a host is no longer attached to your network, you can delete it from the network map to
simplify your analysis. If the system afterwards detects activity associated with the deleted host, it
re-adds the host to the network map. If you want to permanently exclude a host or subnet from the
network map, modify the network discovery policy. See
for more information.
Note
Cisco strongly recommends that you do not delete network devices from the network map, because the
system uses their locations to determine network topology (including generating network hops and TTL
values for monitored hosts). Although you cannot delete network devices from the network devices
network map, make sure you do not delete them from the hosts network map.
system uses their locations to determine network topology (including generating network hops and TTL
values for monitored hosts). Although you cannot delete network devices from the network devices
network map, make sure you do not delete them from the hosts network map.
To view the hosts network map:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Network Map
, then select the
Hosts
tab.
The hosts network map appears, displaying a host count and a list of host IP addresses and MAC
addresses. Each address or partial address is a link to the next level.
addresses. Each address or partial address is a link to the next level.
Step 2
Drill down to the specific IP address or MAC address of the host you want to investigate.
For example, to view a host with the IP address 192.168.40.11, click
192
, then
192.168
, then
192.168.40
, then
192.168.40.11
. When you click
192.168.40.11
, the host profile appears. For more information on host profiles,
see
To filter by IP or MAC addresses, type an address in the search field. To clear the search, click the clear
icon (
icon (
).
Step 3
Optionally, to delete a subnet, IP address, or MAC address, click the delete icon (
) next to the element
you want to delete, then confirm that you want to delete the host or subnet.
The host is deleted. If the system rediscovers the host, it re-adds the host to the network map.
Step 4
Optionally, switch between the hosts view and the topology view of the hosts network map:
•
To switch to a view of the hosts network map organized by your custom topology, on the hosts view
(the default), click
(the default), click
(topology)
at the top of the network map.
•
To switch to a view of the hosts network map organized by subnet, on the topology view, click
(hosts)
at the top of the network map.
For information on configuring custom topologies, see
Working with the Network Devices Network Map
License:
FireSIGHT
Use the network devices network map to view the network devices (bridges, routers, NAT devices, and
load balancers) that connect one segment of your network to another, as well as to drill down to the host
profiles of those network devices. The network devices network map is separated into two sections: IP
and MAC. The IP section lists network devices identified by an IP address; the MAC section lists
load balancers) that connect one segment of your network to another, as well as to drill down to the host
profiles of those network devices. The network devices network map is separated into two sections: IP
and MAC. The IP section lists network devices identified by an IP address; the MAC section lists