Cisco FirePOWER Appliance 7030
38-15
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Discovery and Host Input Events
The table below describes some of the specific actions you can perform on a discovery events workflow page. You can also perform the tasks described in the table.
To view discovery events:
Access: Admin/Any Security Analyst
Step 1 Select Analysis > Hosts > Discovery Events.
The first page of the default discovery events workflow appears. To use a different workflow, including a custom workflow, click (switch workflow). For information on specifying a different default workflow, see . If no events appear, you may need to adjust the time range; see .
Understanding the Discovery Events Table
License: FireSIGHT
The system generates discovery events that communicate the details of changes in your monitored
network segments. New events are generated for newly discovered network features, and change events
are generated for any change in previously identified network assets.
During its initial network discovery phase, the system generates new events for each host and any TCP
or UDP servers it discovers on each host. In addition, the system generates new events for each network,
transport, or application protocol running on each discovered host. For NetFlow-related traffic, you can
control whether the system generates new events when it detects application protocols running on a host.
After the initial network mapping is complete, the system continuously records network changes by
generating change events. Change events are generated whenever the configuration of a previously
discovered host, server, or client changes.
Descriptions of the fields in the discovery events table follow.
Time
The time that the system generated the event.
Event
The event type. See and for a description of each available event.
Table 38-2 Discovery Event Actions
To... | You can...
modify the time and date range for displayed events | find more information in . Note that events that were generated outside the appliance's configured time window (whether global or event-specific) may appear in an event view if you constrain the event view by time. This may occur even if you configured a sliding time window for the appliance.
learn more about the contents of the columns in the table | find more information in