Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 37      Using Host Profiles 
  Working with Operating Systems in the Host Profile
scanner or application data imported through the host input feature. The system considers the priority 
assigned to each identity source when determining which identity to use. By default, user input has the 
highest priority, followed by application or scanner sources, followed by the Cisco-discovered identity.
Sometimes the system supplies a general operating system definition rather than a specific one because 
the traffic and other identity sources do not provide sufficient information for a more focused identity. 
The system collates information from the sources to use the most detailed definition possible. 
Descriptions of the operating system information fields displayed in the host profile follow.
Hardware
The hardware platform for a mobile device.

OS Vendor/Vendor
The operating system vendor.

OS Product/Product
The operating system determined most likely to be running on the host, based on the identity data collected from all sources.
If the operating system is Pending, the system has not yet identified an operating system and no other identity data is available. If the operating system is unknown, the system cannot identify the operating system and no other identity data is available for the operating system.
If the host's operating system is not one the system is capable of detecting, you may want to use one of the following strategies:
  – create a custom fingerprint for the host, as described in
  – run an Nmap scan against the host, as described in
  – import data into the network map, using the host input feature described in the FireSIGHT System Host Input API Guide
  – manually enter operating system information, as described in

OS Version/Version
The operating system version. If a host is a jailbroken mobile device, Jailbroken is indicated in parentheses after the version.

Source
One of the following values:
  – User: user_name
  – Application: app_name
  – Scanner: scanner_type (Nmap or scanner added through system policy)
  – FireSIGHT
The system may reconcile data from multiple sources to determine the identity of an operating system; see

Because the vulnerabilities list for the host and the event impact correlation for events targeting the host 
depend on the operating system, you may want to manually supply more specific operating system 
information. In addition, you can indicate that fixes have been applied to the operating system, such as 
service packs and updates, and invalidate any vulnerabilities addressed by the fixes.
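
The fields described above can drive a review list of hosts whose operating system identity is too weak to trust for vulnerability mapping. The following is an added example, not Cisco code or a FireSIGHT export format: the record layout, the sample values and the rule that an empty version means a general definition are assumptions made for illustration.

```python
import re

# Default priority from the guide: user input first, then application or
# scanner sources, then the Cisco-discovered (FireSIGHT) identity.
PRIORITY = {"User": 0, "Application": 1, "Scanner": 1, "FireSIGHT": 2}

def parse_source(value):
    """Split a Source field such as 'Scanner: Nmap' into (kind, detail)."""
    kind, _, detail = value.partition(":")
    kind = kind.strip()
    if kind not in PRIORITY:
        raise ValueError(f"unrecognized Source value: {value!r}")
    return kind, detail.strip()

def review_host(rec):
    """Return reasons this host's OS identity deserves a manual look."""
    reasons = []
    product = rec["os_product"].strip()
    version = rec["os_version"].strip()
    if product.lower() in ("pending", "unknown"):
        reasons.append(f"OS is {product}; no identity data for vulnerability mapping")
    elif not version:
        # Assumption: an empty version marks a general OS definition.
        reasons.append("general OS definition, no version")
    if re.search(r"\(\s*Jailbroken\s*\)", version):
        reasons.append("jailbroken mobile device")
    return reasons

def triage(records):
    """List (host, source kind, reasons) for hosts needing review,
    identities from the lowest-priority sources first."""
    out = []
    for rec in records:
        reasons = review_host(rec)
        if reasons:
            kind = parse_source(rec["source"])[0] if rec["source"].strip() else None
            out.append((rec["host"], kind, reasons))
    return sorted(out, key=lambda r: (-PRIORITY.get(r[1], 3), r[0]))

# Constructed sample records; addresses are from a documentation range.
SAMPLE = [
    {"host": "192.0.2.10", "os_product": "Windows", "os_version": "", "source": "FireSIGHT"},
    {"host": "192.0.2.11", "os_product": "Linux", "os_version": "3.x", "source": "Scanner: Nmap"},
    {"host": "192.0.2.12", "os_product": "Pending", "os_version": "", "source": ""},
    {"host": "192.0.2.13", "os_product": "iOS", "os_version": "7.0 (Jailbroken)", "source": "User: admin"},
]
if __name__ == "__main__":
    for host, kind, reasons in triage(SAMPLE):
        print(host, kind or "-", "; ".join(reasons))
```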