Cisco Cisco Firepower Management Center 4000

The IP addresses associated with the host.

The host’s detected MAC address of the NIC.

The MAC Address field appears in the Table View of Hosts, which you can find in the Hosts 
workflow. You can also add the MAC Address field to:

custom tables that include fields from the Hosts table

drill-down pages in custom workflows based on the Hosts table

The host’s detected MAC hardware vendor of the NIC. 

The MAC Vendor field appears in the Table View of Hosts, which you can find in the Hosts 
workflow. You can also add the MAC Vendor field to:

custom tables that include fields from the Hosts table

drill-down pages in custom workflows based on the Hosts table

The user identity (username) of the currently logged in user on the host. 

Note that when a non-authoritative user logs into a host, that login is recorded in the user and host 
history. If no authoritative user is associated with the host, a non-authoritative user can be the current 
user for the host. However, after an authoritative user logs into the host, only a login by another 
authoritative user changes the current user. In addition, when a non-authoritative user is the current 
user on a host, that user still cannot be used for user control.

The user-specified criticality value assigned to the host. See the description of the Host Criticality 
column in 

 for more information about this 

field.

The NetBIOS name of the host. Only hosts running the NetBIOS protocol will have a NetBIOS 
name.

VLAN ID used by the host. For more detailed information about VLAN IDs, see 

The number of network hops from the device that detected the host to the host.

The type of host (host, mobile device, jailbroken mobile device, router, bridge, NAT device, or load 
balancer). The methods the system uses to distinguish network devices include:

the analysis of Cisco Discovery Protocol (CDP) messages, which can identify network devices 
and their type (Cisco devices only)