Cisco Cisco Firepower Management Center 4000
38-43
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Application Details
Viewing Application Details
License:
FireSIGHT
You can use the Defense Center to view a table of detected application details. Then, you can manipulate
the event view depending on the information you are looking for.
the event view depending on the information you are looking for.
The page you see when you access application details differs depending on the workflow you use. There
are two predefined workflows. You can also create a custom workflow that displays only the information
that matches your specific needs. For more information, see
are two predefined workflows. You can also create a custom workflow that displays only the information
that matches your specific needs. For more information, see
The
below describes some of the specific actions you can perform on an
application details workflow page. You can also perform the tasks described in the
table.
To view application details:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Application Details
.
The first page of the default application details workflow appears. To use a different workflow, including
a custom workflow, click
a custom workflow, click
(switch workflow)
. For information on specifying a different default workflow,
see
.
Tip
If you are using a custom workflow that does not include the table view of application details, click
(switch workflow)
, then select
Clients
.
Understanding the Application Detail Table
License:
FireSIGHT
When a monitored host connects to another host, the FireSIGHT Systemcan, in many cases, determine
what application was used. The system detects various web browsers, email clients, instant messengers,
peer-to-peer applications, and so on.
what application was used. The system detects various web browsers, email clients, instant messengers,
peer-to-peer applications, and so on.
When the system detects traffic for a known client, application protocol, or web application, it logs
information about the application and the host running it. Descriptions of the fields in the application
details table follow.
information about the application and the host running it. Descriptions of the fields in the application
details table follow.
Table 38-10
Application Details Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
.
open the Application Detail View for a
specific application
specific application
click the application detail view icon (
) next to a client.