Cisco Cisco FirePOWER Appliance 7010
38-19
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Hosts
To view hosts:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Hosts
.
The first page of the default hosts workflow appears. To use a different workflow, including a custom
workflow, click
workflow, click
(switch workflow)
. For information on specifying a different default workflow, see
.
Tip
If you are using a custom workflow that does not include the table view of hosts, click
(switch workflow)
,
then select
Hosts
.
Understanding the Hosts Table
License:
FireSIGHT
When the system discovers a host, it collects data about that host. That data can include the host’s IP
addresses, the operating system it is running, and more. You can view some of that information in the
table view of hosts. For more information on the data that the system collects about detected hosts, see
addresses, the operating system it is running, and more. You can view some of that information in the
table view of hosts. For more information on the data that the system collects about detected hosts, see
Descriptions of the fields in the hosts table follow below.
Although you can configure the network discovery policy to add hosts to the network map based on data
exported by NetFlow-enabled devices, the available information about these hosts is limited. For
example, there is no operating system data available for these hosts, unless you provide it using the host
input feature. For more information, see
exported by NetFlow-enabled devices, the available information about these hosts is limited. For
example, there is no operating system data available for these hosts, unless you provide it using the host
input feature. For more information, see
Last Seen
The date and time any of the host’s IP addresses was last detected by the system. The Last Seen value
is updated at least as often as the update interval you configured in the network discovery policy, as
well as when the system generates a new host event for any of the host’s IP addresses.
is updated at least as often as the update interval you configured in the network discovery policy, as
well as when the system generates a new host event for any of the host’s IP addresses.
For hosts with operating system data updated using the host input feature, the Last Seen value
indicates the date and time when the data was originally added.
indicates the date and time when the data was originally added.
Table 38-4
Host Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
assign a host attribute to selected
hosts
hosts
find more information in
.
create traffic profiles for selected
hosts
hosts
find more information in
create a compliance white list based
on selected hosts
on selected hosts
find more information in