Cisco Cisco Firepower Management Center 4000
36-6
FireSIGHT System User Guide
Chapter 36 Using the Network Map
Working with the Applications Network Map
To view the mobile devices network map:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Network Map
, then select the
Mobile Devices
tab.
The mobile devices network map appears, displaying a count of unique mobile devices and a list of
mobile device IP addresses. Each address or partial address is a link to the next level.
mobile device IP addresses. Each address or partial address is a link to the next level.
Step 2
Drill down to the specific IP address of the mobile device you want to investigate.
For example, to view a device with the IP address 10.11.40.11, click
10
, then
10.11
, then
10.11.40
, then
10.11.40.11
. When you click
10.11.40.11
, the host profile appears. For more information on host profiles, see
To filter by IP or MAC addresses, type an address in the search field. To clear the search, click the clear
icon (
icon (
).
Step 3
Optionally, to delete a subnet or IP address, click the delete icon (
) next to the element you want to
delete, then confirm that you want to delete the device or subnet.
The device is deleted. If the system rediscovers the device, it re-adds the device to the network map.
Working with the Applications Network Map
License:
FireSIGHT
Use the applications network map to view the applications on your network, organized in a hierarchical
tree by application name, vendor, version, and finally by the hosts running each application.
tree by application name, vendor, version, and finally by the hosts running each application.
The applications that the system detects may change with system software and VDB updates, and also
if you import any add-on detectors. The release notes or advisory text for each system or VDB update
contains information on any new and updated detectors. For a comprehensive up-to-date list of detectors,
see either of the following Support Sites:
if you import any add-on detectors. The release notes or advisory text for each system or VDB update
contains information on any new and updated detectors. For a comprehensive up-to-date list of detectors,
see either of the following Support Sites:
•
Sourcefire:
•
Cisco:
From the applications network map, you can view the host profile of each host that runs a specific
application as well as delete any application category, any application running on all hosts, or any
application running on a specific host. For example, you can delete an application from the network map
if you know it is disabled on the host and you want to make sure the system does not use it for impact
level qualification.
application as well as delete any application category, any application running on all hosts, or any
application running on a specific host. For example, you can delete an application from the network map
if you know it is disabled on the host and you want to make sure the system does not use it for impact
level qualification.
Deleting an application from the network map does not remove it from your network. A deleted
application reappears in the network map if your system detects a change in the application (for example,
if an Apache web server is upgraded to a new version) or if you restart your system’s discovery function.
application reappears in the network map if your system detects a change in the application (for example,
if an Apache web server is upgraded to a new version) or if you restart your system’s discovery function.
Depending on what you delete, the behavior differs:
•
If you delete an application category, the application category is removed from the network map. All
applications that reside beneath the category are removed from any host profile that contains the
applications.
applications that reside beneath the category are removed from any host profile that contains the
applications.
For example, if you delete
http
, all applications identified as
http
are removed from all host profiles
and
http
no longer appears in the applications view of the network map.