Cisco Cisco FirePOWER Appliance 8250
38-39
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Applications
rules on the detection of application. For example, if you want your employees to use a specific mail
client, you could trigger a correlation rule when the system detects a different mail client running on one
of your hosts.
client, you could trigger a correlation rule when the system detects a different mail client running on one
of your hosts.
You should carefully read the release notes for each FireSIGHT System update as well as the advisories
for each VDB update for information on updated detectors.
for each VDB update for information on updated detectors.
To collect and store application data for analysis, make sure that you enable application detection in your
network discovery policy. For more information, see
network discovery policy. For more information, see
.
See the following sections for more information:
•
•
•
Viewing Applications
License:
FireSIGHT
You can use the Defense Center to view a table of detected applications. Then, you can manipulate the
event view depending on the information you are looking for.
event view depending on the information you are looking for.
The page you see when you access applications differs depending on the workflow you use. You can also
create a custom workflow that displays only the information that matches your specific needs. For more
information, see
create a custom workflow that displays only the information that matches your specific needs. For more
information, see
below describes some of the specific actions you can perform on an application
workflow page. You can also perform the tasks described in the
table.
To view applications:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Application Details
.
The first page of the default application details workflow appears. To use a different workflow, including
a custom workflow, click
a custom workflow, click
(switch workflow)
. For information on specifying a different default workflow,
see
.
Tip
If you are using a custom workflow that does not include the table view of application details, click
(switch workflow)
, then select
Clients
.
Table 38-9
Application Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
open the Application Detail View for a
specific application
specific application
click the application detail view icon (
) next to a client,
application protocol, or web application.