Cisco Cisco FirePOWER Appliance 8250
C H A P T E R
36-1
FireSIGHT System User Guide
36
Using the Network Map
The FireSIGHT System passively collects traffic traveling over the network, decodes the data, and then
compares it to established operating system and fingerprints. From this information, the system builds a
network map, which is a detailed representation of your network.
compares it to established operating system and fingerprints. From this information, the system builds a
network map, which is a detailed representation of your network.
The network map allows you to use the Defense Center to view your network topology in terms of hosts
and network devices (bridges, routers, NAT devices, and load balancers). It is a useful tool for a quick,
overall view of your network. The network map also allows you to drill down on associated host
attributes, applications, clients, indications of compromised hosts, and vulnerabilities. In other words,
you can select different views of the network map to suit the analysis you perform.
and network devices (bridges, routers, NAT devices, and load balancers). It is a useful tool for a quick,
overall view of your network. The network map also allows you to drill down on associated host
attributes, applications, clients, indications of compromised hosts, and vulnerabilities. In other words,
you can select different views of the network map to suit the analysis you perform.
You can augment the information your system collects by adding operating system, application, client,
protocol, or host attribute information from a third-party application using the host input feature. You
can also actively scan hosts in the network map using Nmap and add the scan results to your network
map.
protocol, or host attribute information from a third-party application using the host input feature. You
can also actively scan hosts in the network map using Nmap and add the scan results to your network
map.
You can use the custom topology feature to help you organize and identify subnets in the views of the
network map. For example, if each department in your organization uses a different subnet, you can
assign familiar labels to those subnets using the custom topology feature.
network map. For example, if each department in your organization uses a different subnet, you can
assign familiar labels to those subnets using the custom topology feature.
For more information, see the following sections:
•
•
•
•
•
•
•
•
•
Understanding the Network Map
License:
FireSIGHT
Each view of the network map has the same format: a hierarchical tree with expandable categories and
sub-categories. When you click a category, it expands to show you the sub-categories beneath it. You can
select different views of the network map depending on the kind of analysis you are performing.
sub-categories. When you click a category, it expands to show you the sub-categories beneath it. You can
select different views of the network map depending on the kind of analysis you are performing.