Cisco Cisco Firepower Management Center 4000
38-35
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Servers
The first page of the default servers workflow appears. To use a different workflow, including a custom
workflow, click
workflow, click
(switch workflow)
. For information on specifying a different default workflow, see
.
Tip
If you are using a custom workflow that does not include the table view of servers, click
(switch
workflow)
, then select
Servers
.
Understanding the Servers Table
License:
FireSIGHT
The FireSIGHT System collects information about servers running on hosts on monitored network
segments.
segments.
Descriptions of the fields in the servers table follow below.
Although you can configure the network discovery policy to add servers to the network map based on
data exported by NetFlow-enabled devices, the available information about these servers is limited. For
more information, see
data exported by NetFlow-enabled devices, the available information about these servers is limited. For
more information, see
Last Used
The date and time the server was last used on the network or the date and time that the server was
originally updated using the host input feature. The Last Used value is updated at least as often as
the update interval you configured in the network discovery policy, as well as when the system
detects a server information update. For information on setting the update interval, see
originally updated using the host input feature. The Last Used value is updated at least as often as
the update interval you configured in the network discovery policy, as well as when the system
detects a server information update. For information on setting the update interval, see
IP Address
The IP address associated with the host running the server.
Port
The port where the server is running.
Protocol
The network or transport protocol used by the server.
Application Protocol
The application protocol, as indicated by one of the following:
–
the name of the application protocol for the server
–
pending
, if the system cannot positively or negatively identify the server for one of several
reasons
–
unknown
, if the system cannot identify the server based on known server fingerprints or if the
server was added through host input and did not include the application protocol
Category, Tags, Risk, or Business Relevance for Application Protocols
The categories, tags, risk level, and business relevance assigned to the application protocol. These
filters can be used to focus on a specific set of data.
filters can be used to focus on a specific set of data.