Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
well as the IP address(es) of the host. If you do not have a preferred workflow for connection events, you
must select one. For more information about connection data, see
Deleting Applications from the Host Profile
License: FireSIGHT
You can delete an application from a host profile to remove applications that you know are not running
on the host. Note that deleting an application from a host may bring the host into compliance with a white
list.
Note: If the system detects the application again, it re-adds it to the network map and the host profile.
To delete an application from a host profile:
Access: Admin/Any Security Analyst
Step 1 In the Applications section of the host profile, click the delete icon next to the application you want to delete.
The application is deleted for that host.
Working with VLAN Tags in the Host Profile
License: FireSIGHT
The VLAN Tag section of the host profile appears if the host is a member of a Virtual LAN (VLAN).
Physical network equipment often uses VLANs to create logical network segments from different
network blocks. The system detects 802.1q VLAN tags and displays the following information for each:
• VLAN ID identifies the VLAN where the host is a member. This can be any integer between zero and 4095 for 802.1q VLANs.
• Type identifies the encapsulated packet containing the VLAN tag, which can be either Ethernet or Token Ring.
• Priority identifies the priority in the VLAN tag, which can be any integer from zero to 7, where 7 is the highest priority.
If VLAN tags are nested within the packet, the system processes and the Defense Center displays the
innermost VLAN tag. The system collects and the Defense Center displays VLAN tag information only
for MAC addresses that it identifies through ARP and DHCP traffic.
VLAN tag information can be useful, for example, if you have a VLAN composed entirely of printers
and the system detects a Microsoft Windows 2000 operating system in that VLAN. VLAN information
also helps the system generate more accurate network maps.
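The nested-tag rule above, as an added example (not Cisco code and not a description of how the FireSIGHT System implements it): a Python parser that walks the VLAN tags of an Ethernet frame and returns the innermost tag's VLAN ID and priority. The TPID values 0x8100 and 0x88A8, the function names and the sample frames are assumptions constructed for illustration; only Ethernet encapsulation is handled.

```python
import struct

# Tag protocol identifiers: 0x8100 = 802.1Q tag, 0x88A8 = 802.1ad outer (QinQ) tag.
VLAN_TPIDS = {0x8100, 0x88A8}


def vlan_tags(frame: bytes):
    """Return every VLAN tag in an Ethernet frame, outermost first.

    Each tag is a dict with the 12-bit VLAN ID (0-4095) and 3-bit priority (0-7).
    Raises ValueError if the frame is cut off inside the header or a tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags = []
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("frame truncated inside a VLAN tag")
        # Tag control information (priority, DEI, VLAN ID), then the next EtherType.
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"vlan_id": tci & 0x0FFF, "priority": tci >> 13})
        offset += 4
    return tags


def innermost_vlan(frame: bytes):
    """Return the innermost tag (the one the guide says is displayed), or None if untagged."""
    tags = vlan_tags(frame)
    return tags[-1] if tags else None


def build_frame(tags, ethertype=0x0806):
    """Build a constructed sample frame; tags are (tpid, priority, vlan_id), outermost first."""
    frame = b"\xff" * 6 + bytes.fromhex("020000000001")  # constructed MAC addresses
    for tpid, priority, vlan_id in tags:
        frame += struct.pack("!HH", tpid, (priority << 13) | vlan_id)
    return frame + struct.pack("!H", ethertype) + b"\x00" * 28  # zeroed ARP-sized payload


# Constructed samples: untagged, single-tagged, and double-tagged (QinQ) frames.
UNTAGGED = build_frame([])
SINGLE = build_frame([(0x8100, 5, 100)])
NESTED = build_frame([(0x88A8, 1, 200), (0x8100, 7, 30)])

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE), ("nested", NESTED)]:
        print(name, innermost_vlan(frame))
```

Comparing `vlan_tags()` with `innermost_vlan()` on a double-tagged frame shows which outer VLAN is not reflected when only the innermost tag is reported.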