Cisco Cisco Firepower Management Center 4000

The first page of the default servers workflow appears. To use a different workflow, including a custom 
workflow, click 

. For information on specifying a different default workflow, see 

.

If you are using a custom workflow that does not include the table view of servers, click 

, then select

.

FireSIGHT

The FireSIGHT System collects information about servers running on hosts on monitored network 
segments.

Descriptions of the fields in the servers table follow below.

Although you can configure the network discovery policy to add servers to the network map based on 
data exported by NetFlow-enabled devices, the available information about these servers is limited. For 
more information, see 

The date and time the server was last used on the network or the date and time that the server was 
originally updated using the host input feature. The Last Used value is updated at least as often as 
the update interval you configured in the network discovery policy, as well as when the system 
detects a server information update. For information on setting the update interval, see 

The IP address associated with the host running the server. 

The port where the server is running.

The network or transport protocol used by the server.

The application protocol, as indicated by one of the following:

the name of the application protocol for the server

pending

, if the system cannot positively or negatively identify the server for one of several 

reasons

unknown

, if the system cannot identify the server based on known server fingerprints or if the 

server was added through host input and did not include the application protocol

The categories, tags, risk level, and business relevance assigned to the application protocol. These 
filters can be used to focus on a specific set of data.