Cisco FirePOWER Appliance 7010
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with Basic Host Information in the Host Profile
License: FireSIGHT
Each host profile provides basic information about a detected host or other device.
Descriptions of each of the basic host profile fields follow.
IP Addresses
All IP addresses (both IPv4 and IPv6) associated with the host. IPv6 hosts often have at least two
IPv6 addresses (local-only and globally routable), and may also have IPv4 addresses. IPv4-only
hosts may have multiple IPv4 addresses. Where available, routable host IP addresses also include a
flag icon and country code indicating the geolocation data associated with that address. For more
information on this and other geolocation features, see
.
Hostname
The fully qualified domain name of the host, if known.
NetBIOS Name
The NetBIOS name of the host, if available. Microsoft Windows hosts, as well as Macintosh, Linux,
or other platforms configured to use NetBIOS, can have a NetBIOS name. For example, Linux hosts
configured as Samba servers have NetBIOS names.
Device (Hops)
Either:
– the reporting device for the network where the host resides, as defined in the network discovery
policy, or
– the device that processed the NetFlow data that added the host to the network map
The number of network hops between the device that detected the host and the host itself follows
the device name, in parentheses. If multiple devices can see the host, the reporting device is
displayed in bold.
If this field is blank, either:
– the host was added to the network map by a device that is not explicitly monitoring the network
where the host resides, as defined in the network discovery policy, or
– the host was added using the host input feature and has not also been detected by the FireSIGHT
System
MAC Addresses (TTL)
The host’s detected MAC address or addresses and associated NIC vendors, with the NIC’s hardware
vendor and current time-to-live (TTL) value in parentheses. If the MAC address is displayed in a
bold font, the MAC address is the actual MAC address of the host, detected by the system through
ARP and DHCP traffic. If multiple devices detected the host, the Defense Center displays all MAC
addresses and TTL values associated with the host, regardless of which device reported them.
You can click the MAC address to view a list of hosts with the same MAC address. Router host
profiles typically show the hosts (IP addresses) in the network segments they route in this list, and
the IP addresses of monitored routers frequently appear in this list for monitored workstations and
servers. The true IP address for the MAC address is displayed in bold.