Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 40: Creating Traffic Profiles
Understanding Condition-Building Mechanics
The following steps explain how to build this host profile qualification.
To build this host profile qualification:
Access: Admin/Discovery Admin

Step 1
Select Policies > Correlation, then click Traffic Profiles.
The Traffic Profiles page appears.

Step 2
Click New Profile.
The Create Profile page appears.

Step 3
Click Add Host Profile Qualification.

Step 4
Under Host Profile Qualification, in the first condition, specify the host whose information you want to collect.
In this example, select Responder Host because we only want information on responding hosts in a connection.

Step 5
Begin specifying the details of the operating system of the host by choosing the Operating System category.
Three subcategories appear: OS Vendor, OS Name, and OS Version.

Step 6
To specify that the host can be running any version of Microsoft Windows, use the same operator for all three subcategories: is.

Step 7
Finally, specify the values for the subcategories.
Select Microsoft as the value for OS Vendor, Windows as the value for OS Name, and leave any as the value for OS Version.

Note that the categories you can choose from depend on whether you are building traffic profile 
conditions or a host profile qualification. In addition, a condition’s available operators depend on the 
category you choose. Finally, the syntax you can use to specify a condition’s value depends on the 
category and operator. Sometimes you must type the value in a text field. Other times, you can pick a 
value from a drop-down list.
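
The following is an added example, not code from the FireSIGHT System or this guide: a simplified Python model of the qualification built in Steps 4 through 7, showing which connections it would admit to the traffic profile. The field names, the sample hosts and connections, the all-conditions-must-match rule, and the treatment of a responder with no host profile are assumptions made for illustration.

```python
# Simplified model of the host profile qualification from Steps 4-7.
# Field names, sample data and AND semantics are assumptions, not product code.
ANY = "any"

QUALIFICATION = {
    "host": "responder",                      # Step 4: Responder Host
    "conditions": [                           # Steps 5-7: category, operator, value
        ("os_vendor", "is", "Microsoft"),
        ("os_name", "is", "Windows"),
        ("os_version", "is", ANY),            # left as "any": every version matches
    ],
}

# Constructed host profiles keyed by IP address.
HOST_PROFILES = {
    "10.0.0.5": {"os_vendor": "Microsoft", "os_name": "Windows", "os_version": "10"},
    "10.0.0.6": {"os_vendor": "Microsoft", "os_name": "Windows", "os_version": "Server 2012"},
    "10.0.0.7": {"os_vendor": "Canonical", "os_name": "Linux", "os_version": "22.04"},
}

# Constructed connection records.
CONNECTIONS = [
    {"initiator": "10.0.0.7", "responder": "10.0.0.5"},   # Windows responder
    {"initiator": "10.0.0.5", "responder": "10.0.0.7"},   # Windows is only the initiator
    {"initiator": "10.0.0.7", "responder": "10.0.0.6"},   # different Windows version
    {"initiator": "10.0.0.5", "responder": "10.0.0.99"},  # responder has no host profile
]

def condition_matches(profile, field, operator, value):
    """Evaluate one (category, operator, value) condition against a host profile."""
    if operator != "is":
        raise ValueError(f"operator not modeled here: {operator!r}")
    if value == ANY:
        return True
    return profile.get(field) == value

def qualifies(connection, host_profiles, qualification=QUALIFICATION):
    """True when the selected host satisfies every condition in the qualification."""
    profile = host_profiles.get(connection[qualification["host"]])
    if profile is None:
        return False  # assumption: a host with no profile cannot satisfy the qualification
    return all(condition_matches(profile, f, op, v)
               for f, op, v in qualification["conditions"])

def profiled_connections():
    """Connections the traffic profile would collect data from."""
    return [c for c in CONNECTIONS if qualifies(c, HOST_PROFILES)]

if __name__ == "__main__":
    for conn in profiled_connections():
        print(conn)
```

Only the first and third sample connections qualify: selecting Responder Host excludes the connection in which the Windows host is the initiator.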
Note
Where the condition syntax allows you to pick a value from a drop-down list, you can often use multiple values from the list. For more information, see