Cisco Cisco Firepower Management Center 4000

FireSIGHT

There are many types of host input events. For example, the system generates and logs an Add Host event 
when a user adds a host using the host import feature. When you view a table of discovery events, the 
event type is listed in the 

 column. For more information, see 

.

Contrast host input events, which are generated when a user takes a specific action (such as manually 
adding a host), with discovery events, which are generated when the system itself detects a change in 
your monitored network (such as detecting traffic from a previously undetected host). For more 
information on host input events, see 

.

You can configure the types of host input events that the system logs by modifying your network 
discovery policy. By default, the system logs all types of host input events. For more information, see 

If you understand the information the different types of host input events provide, you can more 
effectively determine which events you want to log and alert on, and how to use these alerts in correlation 
policies. In addition, knowing the names of the event types can help you craft more effective event 
searches. Descriptions of the different types of host input events follow.

This event is generated when a user adds a client. 

This event is generated when a user adds a host.

This event is generated when a user adds a protocol.

This event is generated when the system adds the results of an Nmap scan to a host.

This event is generated when a user adds a server port.

This event is generated when a user deletes a client from the system.

This event is generated when a user deletes an IP address or subnet from the system.

This event is generated when a user deletes a protocol from the system.

This event is generated when a user deletes a server port or group of server ports from the system.

This event is generated when a user creates a new host attribute.