Cisco Cisco Firepower Management Center 4000
42-6
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Enhancing Your Network Map
For example, if a user sets the operating system to Windows 2003 Server on a host, Windows 2003 Server
is the current identity. Attacks which target Windows 2003 Server vulnerabilities on that host are given
a higher impact, and the vulnerabilities listed for that host in the host profile include Windows 2003
Server vulnerabilities.
is the current identity. Attacks which target Windows 2003 Server vulnerabilities on that host are given
a higher impact, and the vulnerabilities listed for that host in the host profile include Windows 2003
Server vulnerabilities.
The database may retain information from several sources for the operating system or for a particular
application on a host.
application on a host.
The system treats an operating system or application identity as the current identity when the source for
the data has the highest source priority. Possible sources have the following priority order:
the data has the highest source priority. Possible sources have the following priority order:
1.
user
2.
scanner and application (set in the network discovery policy)
3.
managed devices
4.
NetFlow
Note that a new higher priority application identity will not override a current application identity if it
has less detail than the current identity.
has less detail than the current identity.
In addition, note that when an identity conflict occurs, the resolution of the conflict depends on settings
in the network discovery policy or on your manual resolution, as described in
in the network discovery policy or on your manual resolution, as described in
Understanding Identity Conflicts
License:
FireSIGHT
An identity conflict occurs when the system reports a new passive identity that conflicts with the current
active identity and previously reported passive identities. For example, the previous passive identity for
an operating system is reported as Windows 2000, then an active identity of Windows XP becomes
current. Next, the system detects a new passive identity of Ubuntu Linux 8.04.1. The Windows XP and
the Ubuntu Linux identities are in conflict.
active identity and previously reported passive identities. For example, the previous passive identity for
an operating system is reported as Windows 2000, then an active identity of Windows XP becomes
current. Next, the system detects a new passive identity of Ubuntu Linux 8.04.1. The Windows XP and
the Ubuntu Linux identities are in conflict.
When an identity conflict exists for the identity of the host’s operating system or one of the applications
on the host, the system lists both conflicting identities as current and uses both for impact assessment
until the conflict is resolved.
on the host, the system lists both conflicting identities as current and uses both for impact assessment
until the conflict is resolved.