Cisco Cisco FirePOWER Appliance 8360
35-37
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
The Event Logging Settings control whether discovery and host input events are logged. If you do not
log an event, you cannot retrieve it in event views or use it to trigger correlation rules.
log an event, you cannot retrieve it in event views or use it to trigger correlation rules.
To set event logging settings:
Access:
Admin/Discovery Admin
Step 1
Click the edit icon (
) next to
Event Logging Settings
.
The Event Logging Settings pop-up window appears.
Step 2
Select or clear the check boxes next to the discovery and host input event types you want to log in the
database. See
database. See
and
for information about each event type.
Step 3
Click
Save
to save the event logging settings and return to the Advanced tab of the network discovery
policy.
Note
You must apply the network discovery policy for your changes to take effect. For more
information, see
information, see
Adding Identity Sources
License:
FireSIGHT
You can add new active sources through this page, or change the priority or timeout settings for existing
sources. Note that adding a scanner to this page does not add the full integration capabilities that exist
for the Nmap scanners, but does allow integration of imported third-party application or scan results. If
you import data from a third-party application or scanner, remember to make sure that you map
vulnerabilities from the source to the vulnerabilities in the network map. For more information, see
sources. Note that adding a scanner to this page does not add the full integration capabilities that exist
for the Nmap scanners, but does allow integration of imported third-party application or scan results. If
you import data from a third-party application or scanner, remember to make sure that you map
vulnerabilities from the source to the vulnerabilities in the network map. For more information, see
.
To add identity sources:
Access:
Admin/Discovery Admin
Step 1
Click the edit icon (
) next to
OS and Server Identity Sources
.
The Edit OS and Server Identity Sources pop-up window appears.
Step 2
To add a new source, click
Add Source
.
The Add Identity Source pop-up window appears.
Step 3
Type a
Name
for the source.
Step 4
Select the input source type from the
Type
drop-down list:
•
Select
Scanner
if you plan to import scan results using the AddScanResult function.
•
Select
Application
if you do not plan to import scan results.
Step 5
To indicate the duration of time that should elapse between the addition of an identity to the network
map by this source and the deletion of that identity, select
map by this source and the deletion of that identity, select
Hours
,
Days
, or
Weeks
from the
Timeout
drop-down list and type the appropriate duration.