Cisco Cisco FirePOWER Appliance 7010
FireSIGHT System User Guide
Chapter 37 Using Host Profiles
Working with the Predefined Host Attributes
Setting Vulnerabilities for Individual Hosts
License: FireSIGHT
You can use the host vulnerability editor to activate or deactivate vulnerabilities on a host-by-host basis.
When you deactivate a vulnerability for a host, it is still used for impact correlations for that host, but
the impact level is automatically reduced one level.
To activate or deactivate a vulnerability for a single host:
Access: Admin/Security Analyst
Step 1 Open a host profile.
Step 2 Next to Vulnerabilities, click Edit.
The Host Vulnerabilities editor page appears.
Tip: To view details about a vulnerability, select it and click View. For more information, see .
Step 3 You have two options:
• To deactivate a vulnerability, select it from the Valid Vulnerabilities list, then click the down arrow.
• To activate a vulnerability, select it from the Invalid Vulnerabilities list, then click the up arrow.
Tip: Use Ctrl or Shift while clicking to select multiple vulnerabilities. You can click and drag to select
multiple adjacent vulnerabilities; you can also double-click any vulnerability to move it from list to list.
Step 4 Click Save.
Your changes are saved.
Working with the Predefined Host Attributes
License: FireSIGHT
There are two predefined host attributes that you can assign to each host: host criticality and
host-specific notes. Use the host criticality attribute to designate the business criticality of a given host
and to tailor correlation policies and alerts based on host criticality. For example, if you consider your
organization’s mail servers more critical to your business than a typical user workstation, you can assign
a value of High to your mail servers and other business-critical devices and Medium or Low to other
hosts. You can then create a correlation policy that launches different alerts based on the criticality of an
affected host.
Use the Notes feature to record information about the host that you want other analysts to view. For
example, if you have a computer on the network that has an older, unpatched version of an operating
system that you use for testing, you can use the Notes feature to indicate that the system is intentionally
unpatched.