Cisco Cisco FirePOWER Appliance 8390
38-4
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Viewing Discovery Event Statistics
Last Connection Received
The date and time that the most recent connection was completed.
Event Breakdown
License:
FireSIGHT
The Event Breakdown section lists a count of each type of network discovery and host input event that
occurred within the last hour, as well as a count of the total number of each event type stored in the
database. For full descriptions of each event type, see
occurred within the last hour, as well as a count of the total number of each event type stored in the
database. For full descriptions of each event type, see
and
You can also use the Event Breakdown section to view details on discovery and host input events.
To view network discovery and host input events by type:
Access:
Admin/Any Security Analyst
Step 1
Click the type of event you want to view.
The first page of the default discovery events workflow appears, constrained by the event type you
picked. To use a different workflow, including a custom workflow, click
picked. To use a different workflow, including a custom workflow, click
(switch workflow)
by the
workflow title. For information on specifying a different default workflow, see
. If no events appear, you may need to adjust the time range; see
.
For information on working with discovery events, see
.
Protocol Breakdown
License:
FireSIGHT
The Protocol Breakdown section lists the protocols currently in use by detected hosts. It displays each
detected protocol name, its “layer” in the protocol stack, and the total number of hosts that communicate
using the protocol.
detected protocol name, its “layer” in the protocol stack, and the total number of hosts that communicate
using the protocol.
Application Protocol Breakdown
License:
FireSIGHT
The Application Protocol Breakdown section lists the application protocols that are currently in use by
detected hosts. It lists the protocol name, the total number of hosts running the application protocol in
the past hour, and the total number of hosts that have been detected running the protocol at any point.
detected hosts. It lists the protocol name, the total number of hosts running the application protocol in
the past hour, and the total number of hosts that have been detected running the protocol at any point.
You can also use the Application Protocol Breakdown section to view details on servers using the
detected protocols.
detected protocols.
To view servers that use a listed application protocol:
Access:
Admin/Any Security Analyst