Cisco Cisco Firepower Management Center 4000
38-11
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Discovery and Host Input Events
For more information, see
and
. For information on manually resolving conflicts, see
and
Identity Timeout
This event is generated when identity data that was added to the network map through an active
source times out.
source times out.
If you want to refresh identity data by rescanning the host to obtain newer active identity data, you
can use Identity Conflict events to trigger an Nmap remediation. For more information, see
can use Identity Conflict events to trigger an Nmap remediation. For more information, see
.
For more information, see
.
MAC Information Change
This event is generated when the system detects a change in the information associated with a
specific MAC address or TTL value.
specific MAC address or TTL value.
This event often occurs when the system detects hosts passing traffic through a router. While each
host has a different IP address, they will all appear to have the MAC address associated with the
router. When the system detects the actual MAC address associated with the IP address, it displays
the MAC address in bold text within the host profile and displays an “ARP/DHCP detected” message
within the event description in the event view. The TTL may change because the traffic may pass
through different routers or if the system detects the actual MAC address of the host.
host has a different IP address, they will all appear to have the MAC address associated with the
router. When the system detects the actual MAC address associated with the IP address, it displays
the MAC address in bold text within the host profile and displays an “ARP/DHCP detected” message
within the event description in the event view. The TTL may change because the traffic may pass
through different routers or if the system detects the actual MAC address of the host.
NETBIOS Name Change
This event is generated when the system detects a change to a host’s NetBIOS name. This event will
only be generated for hosts using the NetBIOS protocol.
only be generated for hosts using the NetBIOS protocol.
New Client
This event is generated when the system detects a new client.
Note
To collect and store client data for analysis, make sure that you enable application detection
in your discovery rules in the network discovery policy. For more information, see
in your discovery rules in the network discovery policy. For more information, see
.
New Host
This event is generated when the system detects a new host running on the network.
If you select the
Discover
option and select
Hosts
in a network discovery rule where a NetFlow device
is selected, this event is also generated when a device processes NetFlow data that involves a new
host.
host.
New Network Protocol
This event is generated when the system detects that a host is communicating with a new network
protocol (IP, ARP, and so on).
protocol (IP, ARP, and so on).
New OS
This event is generated when the system either detects a new operating system for a host, or a change
in a host’s operating system.
in a host’s operating system.