Cisco FirePOWER Appliance 8390
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
Tip: To delete a source that you added, click the delete icon next to the source.
Step 6  Optionally, to promote a source and cause the operating system and application identities to be used in favor of sources below it in the list, select the source and click the up arrow.
Step 7  Optionally, to demote a source and cause the operating system and application identities to be used only if there are no identities provided by sources above it in the list, select the source and click the down arrow.
Step 8  Click Save to save the identity source settings and return to the Advanced tab of the network discovery policy.
Note: You must apply the network discovery policy for your changes to take effect. For more information, see .
Applying the Network Discovery Policy
License: FireSIGHT
By default, the network discovery policy is applied to any targeted zones on managed devices when they are registered with the Defense Center. Applying the network discovery policy allows the system to begin monitoring your network according to your specifications. If you change the network discovery policy, you must reapply it before your changes take effect.
When you reapply the network discovery policy:
• the system deletes and then rediscovers MAC address, TTL, and hops information from the network map for the hosts in your monitored networks
• the affected managed devices discard any discovery data that has not yet been sent to the Defense Center
When you apply a network discovery policy, make sure that you have already applied an access control policy to the targeted zones on managed devices. If an access control policy has not been applied, applying the network discovery policy fails. Note that you cannot apply a network discovery policy on a Defense Center where no FireSIGHT license is installed.
If you modify a network or port object used in the network discovery policy, you must reapply the policy for those changes to take effect for discovery.
Note that you cannot apply a network discovery policy to stacked devices running different versions of the FireSIGHT System (for example, if an upgrade on one of the devices fails).
To apply the network discovery policy:
Access: Admin/Security Approver
Step 1  Select Policies > Network Discovery.
The Network Discovery Policy page appears.
Step 2  Click Apply.