Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Hosts
– the detection of the Spanning Tree Protocol (STP), which identifies a device as a switch or bridge
– the detection of multiple hosts using the same MAC address, which identifies the MAC address as belonging to a router
– the detection of TTL value changes from the client side, or TTL values that change more frequently than a typical boot time, which identify NAT devices and load balancers
If a device is not identified as a network device, it is categorized as a host.
Hardware
The hardware platform for a mobile device.
OS
The detected operating system (name, vendor, and version) running on the host, or updated using Nmap or the host input feature. This field appears when you invoke the hosts event view from the Custom Analysis widget on the dashboard. It is also a field option in custom tables based on the Hosts table.
Note that if the system detects multiple identities, it displays those identities in a comma-separated list.
In this field, a value of unknown means that the operating system does not match any of the known fingerprints. A value of pending means that the system has not yet gathered enough information to identify the operating system.
OS Vendor
The vendor of the operating system detected on the host or updated using Nmap or the host input feature.
Note that if the system detects multiple vendors, it displays those vendors in a comma-separated list.
In this field, a value of unknown means that the operating system does not match any of the known fingerprints. A value of pending means that the system has not yet gathered enough information to identify the operating system.
OS Name
The detected operating system running on the host or updated using Nmap or the host input feature.
Note that if the system detects multiple names, it displays those names in a comma-separated list.
In this field, a value of unknown means that the operating system does not match any of the known fingerprints. A value of pending means that the system has not yet gathered enough information to identify the operating system.
OS Version
The version of the operating system detected on the host or updated using Nmap or the host input feature.
Note that if the system detects multiple versions, it displays those versions in a comma-separated list.
In this field, a value of unknown means that the operating system does not match any of the known fingerprints. A value of pending means that the system has not yet gathered enough information to identify the operating system.
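As an added example (not part of the Cisco guide), the following Python sketch triages an exported hosts table by the state of the OS Vendor, OS Name, and OS Version fields described above, so that hosts with unknown, pending, or multiple identities can be followed up. The CSV layout, the "IP Address" column, and the sample rows are constructed assumptions, not a documented export format.

```python
import csv
import io

# Constructed sample of a hosts-table export. The CSV layout and the
# "IP Address" column are assumptions for this example.
SAMPLE_EXPORT = """\
IP Address,OS Vendor,OS Name,OS Version
10.0.0.5,Microsoft,Windows,7
10.0.0.9,unknown,unknown,unknown
10.0.0.12,pending,pending,pending
10.0.0.20,"Microsoft, Apple","Windows, Mac OSX","7, 10.9"
"""

OS_FIELDS = ("OS Vendor", "OS Name", "OS Version")


def split_identities(value):
    """Split a comma-separated field into its individual identities."""
    return [part.strip() for part in value.split(",") if part.strip()]


def classify_os(row):
    """Return 'pending', 'unknown', 'multiple' or 'identified' for one host."""
    values = [split_identities(row.get(field, "")) for field in OS_FIELDS]
    flat = {v.lower() for parts in values for v in parts}
    if "pending" in flat:
        return "pending"      # not enough information gathered yet
    if "unknown" in flat or not flat:
        # No known fingerprint matched. Treating entirely empty OS
        # fields as unknown is an assumption of this example.
        return "unknown"
    if any(len(parts) > 1 for parts in values):
        return "multiple"     # several identities listed for one host
    return "identified"


def triage(export_text):
    """Group host IP addresses by the state of their OS identity."""
    buckets = {"identified": [], "unknown": [], "pending": [], "multiple": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        buckets[classify_os(row)].append(row["IP Address"])
    return buckets


if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_EXPORT).items():
        print(f"{state:10} {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket are candidates for an Nmap scan or the host input feature, the two update sources the field descriptions name.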
Source Type
One of the following values for the source of the host’s operating system identity: