Cisco Cisco Firepower Management Center 4000

47-21

FireSIGHT System User Guide

Chapter 47 Understanding and Using Workflows

Using Workflows

You can use geolocation data (source and destination country/continent) as conditions for access control
rules, as well as create custom geolocation objects for this purpose. For more information, see

Working

with Geolocation Objects, page 5-38

and

Adding Geolocation Conditions, page 14-18

By installing geolocation database (GeoDB) updates, you can view a Geolocation Details page with
granular information available for an IP address, such as postal code, coordinates, time zone,
Autonomous System Number (ASN), Internet service provider (ISP), use type (home or business),
organization, domain name, connection type, and proxy information. You can also pinpoint the detected
location with any of four third-party map tools. Without a GeoDB update, only the flag icon and country
name appear; you cannot view the Geolocation Details page. For information on installing and updating
the GeoDB, see

Updating the Geolocation Database, page 53-26

. You can view the current version of

your GeoDB update by clicking

Help > About

Depending on availability, a number of fields may appear on the Geolocation Details page; fields with
no information are not displayed. The following table contains information on these fields.

To view geolocation details:

Access:

Any

Step 1

In an event view, host profile, or other geolocation-supporting page, click the small country flag icon or
ISO country code that appears by an individual data point. (You cannot view geolocation details for
aggregate geolocation information, such as on the Connection Summary dashboard, despite the presence
of flag icons.)

Table 47-23

Geolocation Detail Fields

Field

Contents

Country

Country associated with the host’s IP address, accompanied by the country’s flag. The continent is
listed in parentheses. Examples:

United States (North America)

Equatorial Guinea (Africa)

Region

State, province, or other subregion of the country where the host is located. Examples:

City

City where the host is located. Examples:

Seattle

Fukuoka

Postal Code

Postal code of the region where the host is located. Examples:

361000

90210

Latitude/Longitude

Exact coordinates of the host’s location. Examples:

40.0375, -76.1053

;

53.4050, -0.5484

Maps

Links to external mapping sites (Google Maps, Yahoo Maps, Bing Maps, and OpenStreetMap). Click
any link to view a contextual map of the host’s approximate location.

Timezone

Time zone of the host’s location, with Daylight Savings Time noted where applicable. Examples:

GMT+8:00

GMT-4:00 (In DST)

ASN

Autonomous System Number (ASN) associated with the host’s IP address, and any additional
information about that ASN. Examples:

14618 (Amazon.com Inc.)

;

4837 (Cncgroup China169

Backbone)

ISP

Internet service provider (ISP) associated with the host’s IP address. Examples:

Atlantic Broadband

;

China Unicom Ip Network

Home/Business

Whether the host’s connection is used for

Home

Business

purposes.

Organization

Organization associated with the host’s IP address. Examples:

Amazon.com

Bank of America

Domain Name

Domain name associated with the host’s IP address. Examples:

amazonaws.com

xmcnc.net

Connection Type

Connection type associated with the host’s IP address. Examples:

Broadband

DSL

Proxy Type

The type of proxy used. Examples:

Anonymous

Corporate