Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 42: Enhancing Network Discovery
Working with Application Detectors
Internal detectors are always on; you cannot deactivate, delete, or otherwise configure them. 
Examples of internal detectors are the Built-in Amazon detector and the Built-in AppleTalk detector.
Cisco-Provided Client Detectors
Cisco-provided client detectors, which detect client traffic, are delivered via VDB updates but may 
also be provided with updates to the FireSIGHT System. These detectors may also be provided by 
Cisco Professional Services as an importable detector.
You can activate and deactivate client detectors according to the needs of your organization. VDB 
updates may also activate or deactivate client detectors. You can export a client detector only if you 
import it.
The Google Earth and Immunet detectors are examples of client detectors.
Cisco-Provided Web Application Detectors
Cisco-provided web application detectors, which detect web applications in payloads of HTTP 
traffic, are delivered via VDB updates but may also be provided with updates to the FireSIGHT 
System.
You can activate and deactivate web application detectors according to the needs of your 
organization. VDB updates may activate or deactivate web application detectors. Examples of web 
application detectors are the Blackboard and LiveJournal detectors.
Cisco-Provided Application Protocol (Port) Detectors
Port-based application protocol detectors, provided by Cisco, are based on detection of network 
traffic on well-known ports. These detectors are delivered via VDB updates but may also be 
provided with updates to the FireSIGHT System or provided by Cisco Professional Services as an 
importable detector. 
You can activate and deactivate application protocol detectors according to the needs of your 
organization. You can also view a detector definition to use it as the basis for a custom detector. VDB 
updates may activate or deactivate application protocol detectors.
The chargen and finger detectors are examples of port detectors. 
Cisco-Provided Application Protocol (FireSIGHT) Detectors
FireSIGHT-based application protocol detectors, provided by Cisco, are based on detection of 
network traffic using FireSIGHT application fingerprints. These detectors are delivered via VDB 
updates but may also be provided with updates to the FireSIGHT System. 
You can activate and deactivate application protocol detectors according to the needs of your 
organization. VDB updates may activate or deactivate Cisco-provided application protocol 
detectors. Examples of FireSIGHT-based application protocol detectors are the Jabber and Steam 
detectors.
Application Protocol (Pattern) Detectors 
Pattern-based application detectors are based on detection of patterns in packets from network 
traffic. These detectors can be provided by Cisco Professional Services as an importable detector or 
created by you. This allows you to enhance the system’s detection capabilities with new 
pattern-based detectors without updating the FireSIGHT System as a whole.
You can activate and deactivate application protocol detectors according to the needs of your 
organization.
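
The following is an added illustration, not taken from the FireSIGHT guide and not a description of how the product implements its detectors. It contrasts port-based and pattern-based detection as described above, using chargen and finger. The function names, the RFC 864-based pattern, and the sample flows are constructed assumptions.

```python
# Well-known ports for the two port detectors the guide names (IANA assignments).
PORT_DETECTORS = {19: "chargen", 79: "finger"}

# RFC 864 chargen output cycles through the 95 printable ASCII characters
# (space through '~'); a run of consecutive ring characters is the pattern here.
RING = bytes(range(0x20, 0x7F))


def detect_by_port(server_port):
    """Port-style detection: the label comes from the server port alone."""
    return PORT_DETECTORS.get(server_port)


def detect_by_pattern(payload, min_run=24):
    """Pattern-style detection (hypothetical rule): label as chargen if the
    payload contains min_run consecutive ring characters, wraparound included."""
    doubled = RING + RING  # lets a run wrap from '~' back to ' '
    for start in range(len(payload) - min_run + 1):
        if payload[start:start + min_run] in doubled:
            return "chargen"
    return None


def chargen_line(offset, width=72):
    """Build one RFC 864-style line starting at the given ring offset."""
    return bytes(RING[(offset + i) % len(RING)] for i in range(width)) + b"\r\n"


# Constructed sample flows: (server port, first payload bytes from the server).
FLOWS = [
    (19, chargen_line(0)),                      # chargen on its well-known port
    (1919, chargen_line(40)),                   # chargen on a non-standard port
    (79, b"HTTP/1.1 200 OK\r\nServer: x\r\n"),  # not finger, but on port 79
]


def classify(flows):
    """Return (port, port-based label, pattern-based label) for each flow."""
    return [(p, detect_by_port(p), detect_by_pattern(d)) for p, d in flows]


if __name__ == "__main__":
    for port, by_port, by_pattern in classify(FLOWS):
        print(f"port {port}: port-based={by_port} pattern-based={by_pattern}")
```

The second flow is missed by the port lookup and the third is labeled finger on the port number alone, which shows why the two detector types complement each other.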