Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Chapter 32: Introduction to Network Discovery
The Sourcefire 3D System uses a feature called network discovery to monitor
traffic on your network and build a comprehensive map of your network assets.
As managed devices passively observe traffic on the network segments you
specify, the system compares specific packet header values and other unique
data from network traffic against established definitions (called fingerprints) to
determine the number and types of hosts (including network devices) on your
network, as well as the operating systems, active applications, and open ports on
those hosts.
You can also configure Sourcefire managed devices to monitor user activity on
your network, which allows you to identify the source of policy breaches, attacks,
or network vulnerabilities.
To supplement the data gathered by the system, you can import records
generated by NetFlow-enabled devices, Nmap active scans, the Sourcefire host
input feature, and Sourcefire User Agents that reside on a Microsoft Active
Directory server and report LDAP authentications. The Sourcefire 3D System
integrates these records with the information it collects via direct network traffic
observation by managed devices.
The system can correlate certain types of intrusion, malware, and other events
occurring on hosts on your network to determine when hosts are potentially
compromised, tagging those hosts with indications of compromise (IOC) tags.
IOC data can give you a clear, direct picture of the threats to your monitored
network as they relate to its hosts.
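The passive fingerprinting and IOC tagging described above, as an added toy example that is not Sourcefire code: the fingerprint definitions, packets and event are constructed for the demonstration, and it assumes a host is fingerprinted on the initial TTL, TCP window size and DF bit of its first SYN.

```python
from dataclasses import dataclass, field

# Constructed fingerprint definitions (not Sourcefire's): initial IP TTL,
# TCP window size and the IP don't-fragment (DF) bit of a host's first SYN.
FINGERPRINTS = [
    {"name": "OS-A (constructed)", "ttl": 64, "win": 65535, "df": True},
    {"name": "OS-B (constructed)", "ttl": 128, "win": 8192, "df": True},
]

@dataclass
class Host:
    ip: str
    os: str = "unknown"
    open_ports: set = field(default_factory=set)
    ioc_tags: set = field(default_factory=set)

def match_fingerprint(pkt):
    # Each hop decrements TTL, so round up to the nearest common initial value
    # before comparing the header values against every fingerprint definition.
    ttl = next(b for b in (32, 64, 128, 255) if pkt["ttl"] <= b)
    for fp in FINGERPRINTS:
        if (fp["ttl"], fp["win"], fp["df"]) == (ttl, pkt["win"], pkt["df"]):
            return fp["name"]
    return "unknown"

def build_host_map(packets):
    # One Host per source address seen. Only a SYN carries the sender's default
    # header values; a SYN-ACK shows the sender is listening on its source port.
    hosts = {}
    for pkt in packets:
        host = hosts.setdefault(pkt["src"], Host(pkt["src"]))
        if pkt["flags"] == "SYN":
            host.os = match_fingerprint(pkt)
        elif pkt["flags"] == "SYN-ACK":
            host.open_ports.add(pkt["sport"])
    return hosts

def tag_iocs(hosts, events):
    # Correlate events to hosts already in the map and attach IOC tags to them.
    for ev in events:
        if ev["host"] in hosts:
            hosts[ev["host"]].ioc_tags.add(ev["ioc"])
    return hosts

# Constructed sample observations: two hosts, three packets, one event.
PACKETS = [
    {"src": "10.0.0.5", "sport": 51000, "flags": "SYN", "ttl": 63, "win": 65535, "df": True},
    {"src": "10.0.0.9", "sport": 443, "flags": "SYN-ACK", "ttl": 127, "win": 8192, "df": True},
    {"src": "10.0.0.9", "sport": 49152, "flags": "SYN", "ttl": 126, "win": 8192, "df": True},
]
EVENTS = [{"host": "10.0.0.9", "ioc": "intrusion-event"}]
```

Running `tag_iocs(build_host_map(PACKETS), EVENTS)` yields a host map in which 10.0.0.5 is fingerprinted as OS-A, and 10.0.0.9 as OS-B with port 443 open and an intrusion-event IOC tag.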
The system uses all of this information to help you with forensic analysis,
behavioral profiling, access control, and mitigating and responding to the
vulnerabilities and exploits to which your organization is susceptible.