Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 18 Working with Intrusion Events
– 4 — source quench
– 5 — redirect
– 8 — echo request
– 9 — router advertisement
– 10 — router solicitation
– 11 — time exceeded
– 12 — parameter problem
– 13 — timestamp request
– 14 — timestamp reply
– 15 — information request (obsolete)
– 16 — information reply (obsolete)
– 17 — address mask request
– 18 — address mask reply
Code
The accompanying code for the ICMP message type. ICMP message types 3, 5, 11, and 12 have corresponding codes as described in RFC 792.
Checksum
The indicator for whether the ICMP checksum is valid. If the checksum is invalid, the datagram may have been corrupted during transit.
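As an added illustration (not part of the Cisco guide or product code), the following Python example decodes the Type, Code, and Checksum fields described above from raw ICMP bytes and recomputes the RFC 1071 Internet checksum to decide whether the stored value is valid. The function names and the sample echo request are constructed for this example; the names for types 0 and 3 come from RFC 792.

```python
import struct

# Type names from the list above, plus types 0 and 3 from RFC 792.
ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 4: "source quench",
    5: "redirect", 8: "echo request", 9: "router advertisement",
    10: "router solicitation", 11: "time exceeded", 12: "parameter problem",
    13: "timestamp request", 14: "timestamp reply",
    15: "information request (obsolete)", 16: "information reply (obsolete)",
    17: "address mask request", 18: "address mask reply",
}

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_icmp(message: bytes) -> dict:
    """Decode type/code/checksum from an ICMP message (IP header already removed)."""
    if len(message) < 8:
        raise ValueError("truncated ICMP message: fewer than 8 bytes")
    icmp_type, code, stored = struct.unpack("!BBH", message[:4])
    # The checksum is computed over the whole message with its own field zeroed.
    computed = internet_checksum(message[:2] + b"\x00\x00" + message[4:])
    return {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "unknown"),
        "code": code,
        "stored_checksum": stored,
        "computed_checksum": computed,
        "valid": stored == computed,
    }

# Constructed sample: echo request, id=1, seq=1, payload "abcd".
GOOD = bytes.fromhex("080033370001000161626364")
# Same message with one payload byte altered, as corruption in transit would do.
BAD = GOOD[:-1] + b"\x65"

if __name__ == "__main__":
    for label, msg in (("good", GOOD), ("corrupted", BAD)):
        print(label, decode_icmp(msg))
```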
Viewing Packet Byte Information
License: Protection
On the packet view, click the arrow next to Packet Bytes to view hexadecimal and ASCII versions of the bytes that comprise the packet.
Using Impact Levels to Evaluate Events
License: Protection
To help you evaluate the impact an event has on your network, the Defense Center displays an impact level in the table view of intrusion events. For each event, the Defense Center adds an impact level icon whose color indicates the correlation between intrusion data, network discovery data, and vulnerability information.
Note
Because there is no operating system information available for hosts added to the network map based on NetFlow data, the Defense Center cannot assign Vulnerable (impact level 1: red) impact levels for intrusion events involving those hosts, unless you use the host input feature to manually set the hosts’ operating system identity.
The following table describes the possible values for the impact levels.