Cisco Cisco FirePOWER Appliance 7010
35-33
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
•
To force manual conflict resolution of identity conflicts, select
Disabled
from the
Automatically
Resolve Conflicts
drop-down list.
•
To use the passive fingerprint when an identity conflict occurs, select
Identity
from the
Automatically
Resolve Conflicts
drop-down list.
•
To use the current identity from the highest priority active source when an identity conflict occurs,
select
select
Keep Active
from the
Automatically Resolve Conflicts
drop-down list.
To update identity conflict resolution settings:
Access:
Admin/Discovery Admin
Step 1
Click the edit icon (
) next to
Identity Conflict Settings
.
The Edit Identity Conflict Settings pop-up window appears.
Step 2
Update the settings as needed.
Step 3
Click
Save
to save the identity conflict settings and return to the
Advanced
tab of the network discovery
policy.
Note
You must apply the network discovery policy for your changes to take effect. For more
information, see
information, see
Enabling Vulnerability Impact Assessment Mappings
License:
FireSIGHT
You can configure how the FireSIGHT System performs impact correlation with intrusion events.
Your options are as follows:
•
Select
Use Network Discovery Vulnerability Mappings
if you want to use Cisco vulnerability information
to perform impact correlation.
•
Select
Use Third-Party Vulnerability Mappings
if you want to use third-party vulnerability references to
perform impact correlation. For more information, see
or the FireSIGHT System Host Input API Guide.
You can select either or both of the check boxes. If the system generates an intrusion event and the host
involved in the event has servers or an operating system with vulnerabilities in the selected vulnerability
mapping sets, the intrusion event is marked with the Vulnerable (level 1: red) impact icon. For any
servers which do not have vendor or version information, note that you need to configure vulnerability
mapping in the system policy. For more information, see
involved in the event has servers or an operating system with vulnerabilities in the selected vulnerability
mapping sets, the intrusion event is marked with the Vulnerable (level 1: red) impact icon. For any
servers which do not have vendor or version information, note that you need to configure vulnerability
mapping in the system policy. For more information, see
If you clear both check boxes, intrusion events will never be marked with the Vulnerable (level 1: red)
impact icon. For more information, see
impact icon. For more information, see
.
To update vulnerability settings:
Access:
Admin/Discovery Admin
Step 1
Click the edit icon (
) next to
Vulnerabilities to use for Impact Assessment
.