Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 42      Enhancing Network Discovery 
  Enhancing Your Network Map
For example, if a user sets the operating system to Windows 2003 Server on a host, Windows 2003 Server 
is the current identity. Attacks which target Windows 2003 Server vulnerabilities on that host are given 
a higher impact, and the vulnerabilities listed for that host in the host profile include Windows 2003 
Server vulnerabilities. 
The database may retain information from several sources for the operating system or for a particular 
application on a host. 
The system treats an operating system or application identity as the current identity when the source for 
the data has the highest source priority. Possible sources have the following priority order: 
1. user
2. scanner and application (set in the network discovery policy)
3. managed devices
4. NetFlow
Note that a new higher priority application identity will not override a current application identity if it 
has less detail than the current identity. 
In addition, note that when an identity conflict occurs, the resolution of the conflict depends on settings 
in the network discovery policy or on your manual resolution, as described in 
Understanding Identity Conflicts
License: FireSIGHT
An identity conflict occurs when the system reports a new passive identity that conflicts with the current 
active identity and previously reported passive identities. For example, the previous passive identity for 
an operating system is reported as Windows 2000, then an active identity of Windows XP becomes 
current. Next, the system detects a new passive identity of Ubuntu Linux 8.04.1. The Windows XP and 
the Ubuntu Linux identities are in conflict. 
When an identity conflict exists for the identity of the host’s operating system or one of the applications 
on the host, the system lists both conflicting identities as current and uses both for impact assessment 
until the conflict is resolved.
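
The source-priority rule and the identity-conflict rule described above can be modelled as follows. This is an added illustration, not Cisco code or part of the original guide. The `Report` class, the `resolve` function, the active/passive split of sources, the way "detail" is measured, and the sample reports are all assumptions made for the example; the guide states the less-detail rule for application identities only, and the model applies it to every report for brevity.

```python
from dataclasses import dataclass

# Priority order from the guide: 1 = highest.
PRIORITY = {"user": 1, "scanner": 2, "application": 2,
            "managed_device": 3, "netflow": 4}
# Assumption: user/scanner/application input is "active"; the rest is "passive".
ACTIVE = {"user", "scanner", "application"}

@dataclass(frozen=True)
class Report:
    source: str
    vendor: str
    product: str
    version: str = ""            # empty string = not reported

    def name(self):
        return (self.vendor, self.product, self.version)

    def detail(self):
        # Assumption: detail is modelled as the count of populated fields.
        return sum(1 for field in self.name() if field)

def resolve(reports):
    """Return the identities treated as current; two entries mean a conflict."""
    current, conflict, seen_passive = None, None, set()
    for new in reports:                                   # oldest first
        passive = new.source not in ACTIVE
        if current is None:
            current = new
        elif PRIORITY[new.source] <= PRIORITY[current.source]:
            # Higher (or, by assumption, equal) priority wins unless less detailed.
            if new.detail() >= current.detail():
                current, conflict = new, None
        elif (passive and current.source in ACTIVE and
              new.name() != current.name() and new.name() not in seen_passive):
            conflict = new                                # both stay current
        if passive:
            seen_passive.add(new.name())
    return [current] if conflict is None else [current, conflict]

# Constructed sample data: the operating system sequence from the guide's example.
OS_REPORTS = [
    Report("managed_device", "Microsoft", "Windows", "2000"),
    Report("user", "Microsoft", "Windows", "XP"),
    Report("managed_device", "Canonical", "Ubuntu Linux", "8.04.1"),
]
# Constructed sample data: a less detailed scanner report for an application.
APP_REPORTS = [Report("managed_device", "OpenBSD", "OpenSSH", "4.2"),
               Report("scanner", "", "OpenSSH")]
```

`resolve(OS_REPORTS)` returns both the Windows XP and the Ubuntu Linux identities, which is the unresolved-conflict state in which both are used for impact assessment; `resolve(APP_REPORTS)` keeps the more detailed managed-device identity.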