Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with Operating Systems in the Host Profile
For example, if the system identifies a host’s operating system as Microsoft Windows 2003, but you
know that the host is actually running Microsoft Windows XP Professional with Service Pack 2, you can
set the operating system identity accordingly. Setting a more specific operating system identity refines
the list of vulnerabilities for the host, so your impact correlation for that host is more focused and
accurate.
If the system detects operating system information for a host and that information conflicts with a current
operating system identity that was supplied by an active source, an identity conflict occurs. When an
identity conflict is in effect, the system uses both identities for vulnerabilities and impact correlation.
Although you can configure the network discovery policy to add hosts to the network map based on data
exported by NetFlow-enabled devices, there is no operating system data available for these hosts, unless
you set the operating system identity. For more information, see
Note that if a host is running an operating system that violates a compliance white list in an activated
network discovery policy, the Defense Center marks the operating system information with the white list
violation icon. In addition, if a jailbroken mobile device violates an active white list, the icon
appears next to the operating system for the device.
You can set a custom display string for the host’s operating system identity. That display string is then
used in the host profile.
Note
Note that changing the operating system information for a host may change its compliance with a
compliance white list.
In the host profile for a network device, the label for the Operating Systems section changes to Systems
and an additional Hardware column appears. If a value for a hardware platform is listed under Systems,
that system represents a mobile device or devices detected behind the network device. Note that mobile
devices may or may not have hardware platform information, but hardware platform information is never
detected for systems that are not mobile devices.
Viewing Operating System Identities
License: FireSIGHT
You can view the specific operating system identities discovered or added for a host. The system uses
source prioritization to determine the current identity for the host. In the list of identities, the current
identity is highlighted by boldface text.
Note that the View button is only available if multiple operating system identities exist for the host.
To view the list of operating system identities for a host:
Access: Admin/Any Security Analyst
Step 1 Click View in the Operating System or Operating System Conflicts section of the host profile.
The Operating System Identity Information pop-up window appears.