Cisco Cisco Firepower Management Center 4000
38-20
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Hosts
IP Address
The IP addresses associated with the host.
MAC Address
The host’s detected MAC address of the NIC.
The MAC Address field appears in the Table View of Hosts, which you can find in the Hosts
workflow. You can also add the MAC Address field to:
workflow. You can also add the MAC Address field to:
–
custom tables that include fields from the Hosts table
–
drill-down pages in custom workflows based on the Hosts table
MAC Vendor
The host’s detected MAC hardware vendor of the NIC.
The MAC Vendor field appears in the Table View of Hosts, which you can find in the Hosts
workflow. You can also add the MAC Vendor field to:
workflow. You can also add the MAC Vendor field to:
–
custom tables that include fields from the Hosts table
–
drill-down pages in custom workflows based on the Hosts table
Current User
The user identity (username) of the currently logged in user on the host.
Note that when a non-authoritative user logs into a host, that login is recorded in the user and host
history. If no authoritative user is associated with the host, a non-authoritative user can be the current
user for the host. However, after an authoritative user logs into the host, only a login by another
authoritative user changes the current user. In addition, when a non-authoritative user is the current
user on a host, that user still cannot be used for user control.
history. If no authoritative user is associated with the host, a non-authoritative user can be the current
user for the host. However, after an authoritative user logs into the host, only a login by another
authoritative user changes the current user. In addition, when a non-authoritative user is the current
user on a host, that user still cannot be used for user control.
Host Criticality
The user-specified criticality value assigned to the host. See the description of the Host Criticality
column in
column in
for more information about this
field.
NetBIOS Name
The NetBIOS name of the host. Only hosts running the NetBIOS protocol will have a NetBIOS
name.
name.
VLAN ID
VLAN ID used by the host. For more detailed information about VLAN IDs, see
Hops
The number of network hops from the device that detected the host to the host.
Host Type
The type of host (host, mobile device, jailbroken mobile device, router, bridge, NAT device, or load
balancer). The methods the system uses to distinguish network devices include:
balancer). The methods the system uses to distinguish network devices include:
–
the analysis of Cisco Discovery Protocol (CDP) messages, which can identify network devices
and their type (Cisco devices only)
and their type (Cisco devices only)