Cisco Cisco Firepower Management Center 4000
38-28
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Host Attributes
Notes
Information about the host that you want other analysts to view. For information on how to add a
note, see
note, see
Any user-defined host attribute, including those for compliance white lists
The value of the user-defined host attribute.
The host attributes table contains a field for each user-defined host attribute. For more information,
see
see
.
Count
The number of events that match the information that appears in each row. Note that the Count field
appears only after you apply a constraint that creates two or more identical rows.
appears only after you apply a constraint that creates two or more identical rows.
Setting Host Attributes for Selected Hosts
License:
FireSIGHT
There are two predefined host attributes that you can assign to each host: host criticality and
host-specific notes.
host-specific notes.
Use the host criticality to designate the business criticality of a given host. You can tailor correlation
policies and alerts based on host criticality. For example, your organization’s mail servers are more
critical to your business than a typical user workstation. You can assign a high host criticality value to
your mail servers and other business-critical servers and medium or low values to other hosts. You could
then create a correlation policy that launches different alerts based on the criticality of an affected host.
policies and alerts based on host criticality. For example, your organization’s mail servers are more
critical to your business than a typical user workstation. You can assign a high host criticality value to
your mail servers and other business-critical servers and medium or low values to other hosts. You could
then create a correlation policy that launches different alerts based on the criticality of an affected host.
Use notes to record information about a host that you want other analysts to view. For example, if you
have a computer on the network that has an older, unpatched version of an operating system that you use
for testing, you can use the notes feature to indicate that the system is intentionally unpatched.
have a computer on the network that has an older, unpatched version of an operating system that you use
for testing, you can use the notes feature to indicate that the system is intentionally unpatched.
You can also create user-defined host attributes. For example, you could create a host attribute that
assigns physical location identifiers to hosts, such as a facility code, city, or room number. For more
information on created user-defined host attributes, see
assigns physical location identifiers to hosts, such as a facility code, city, or room number. For more
information on created user-defined host attributes, see
You can also set the host criticality of selected hosts in a host workflow, and from within a host profile,
or set it through a remediation. For more information, see
or set it through a remediation. For more information, see
To set host attributes for selected hosts:
Access:
Admin/Any Security Analyst
Step 1
Select the check boxes next to the hosts to which you want to add a host attribute.
Tip
Use the sort and search features to isolate the hosts to which you want to assign particular attributes.
Step 2
At the bottom of the page, click
Set Attributes
.
The Host Attributes pop-up window appears.
Step 3
Optionally, set the host criticality for the hosts you selected.
You can select
None
,
Low
,
Medium
, or
High
.