Cisco Cisco Firepower Management Center 4000
35-16
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Understanding NetFlow
Uses for Discovery Data
License:
FireSIGHT
Logging discovery data allows you to take advantage of many features in the FireSIGHT System,
including:
including:
•
viewing the network map, which is a detailed representation of your network assets and topology
that you can view by grouping hosts and network devices, host attributes, application protocols, or
vulnerabilities; see
that you can view by grouping hosts and network devices, host attributes, application protocols, or
vulnerabilities; see
•
viewing host profiles, which are complete views of all the information available for your detected
hosts; see
hosts; see
•
viewing dashboards, which (among other capabilities) can provide you with an at-a-glance view of
your network assets and user activity; see
your network assets and user activity; see
•
viewing detailed information on the discovery events and user activity logged by the system; see
•
creating reports based on discovery data; see
•
performing application and user control, that is, writing access control rules using application and
user conditions; see
user conditions; see
•
associating hosts and any servers or clients they are running with the exploits to which they are
susceptible, which allows you to identify and mitigate vulnerabilities, evaluate the impact that
intrusion events have on your network, and tune intrusion rule states so that they provide maximum
protection for your network assets; see
susceptible, which allows you to identify and mitigate vulnerabilities, evaluate the impact that
intrusion events have on your network, and tune intrusion rule states so that they provide maximum
protection for your network assets; see
,
,
•
alerting you via email, SNMP trap, or syslog when the system generates either an intrusion event
with a specific impact flag, or a specific type of discovery event; see
with a specific impact flag, or a specific type of discovery event; see
•
monitor your organization’s compliance with a white list of allowed operating systems, clients,
application protocols, and protocols; see
application protocols, and protocols; see
•
creating correlation policies with rules that trigger and generate correlation events when the system
generates discovery events or detects user activity; see
generates discovery events or detects user activity; see
•
if you log NetFlow connections, using that connection data; see
Understanding NetFlow
License:
FireSIGHT
NetFlow is an embedded instrumentation within Cisco IOS Software that characterizes network
operation. Standardized through the RFC process, NetFlow is available not only on Cisco networking
devices, but can also be embedded in Juniper, FreeBSD, and OpenBSD devices.
operation. Standardized through the RFC process, NetFlow is available not only on Cisco networking
devices, but can also be embedded in Juniper, FreeBSD, and OpenBSD devices.