Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
The Edit Vulnerability Settings pop-up window appears.
Step 2  Update the settings as needed.
Step 3  Click Save to save the vulnerability settings and return to the Advanced tab of the network discovery policy.
Note  You must apply the network discovery policy for your changes to take effect. For more information, see .
Setting Indications of Compromise Rules
License: FireSIGHT
For your system to detect and tag indications of compromise (IOC), you must first activate at least one
IOC rule in your discovery policy. Each IOC rule corresponds to one type of IOC tag, and all IOC rules
are predefined by Cisco; you cannot create original rules. You can enable any or all rules, depending on
the needs of your network and organization. For example, if hosts using software such as Microsoft
Excel never appear on your monitored network, you may decide not to enable the IOC tags that pertain
to Excel-based threats. For more information on the IOC feature, see
You must also enable the FireSIGHT System features associated with the IOC rules you enable, such as
intrusion and malware protection; if a rule’s associated feature is not enabled, no relevant data is
collected and the rule cannot trigger. For more information on the types of IOC rules and their associated
features, see
To set indications of compromise rules in the discovery policy:
Access: Admin/Discovery Admin
Step 1  Click the edit icon next to Indications of Compromise Settings.
The Edit Indications of Compromise Settings pop-up window appears.
Step 2  To toggle the entire IOC feature off or on, click the slider next to Enable IOC.
Step 3  To enable or disable individual IOC rules, click the slider in the rule’s Enabled column.
Step 4  Click Save to save your IOC rule settings and return to the Advanced tab of the discovery policy.
Your changes are saved.
Note  You must apply the network discovery policy for your changes to take effect. For more information, see .
Adding NetFlow-Enabled Devices
License: FireSIGHT