Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Understanding Compliance White Lists
Understanding White List Host Profiles
License: FireSIGHT
After you specify which targets the white list evaluates, the next step is to configure host profiles. Host
profiles in a white list specify which operating systems, clients, application protocols, web applications,
and protocols are allowed to run on the target hosts.
There are three kinds of host profiles you can configure in a white list: global host profiles, host profiles
for specific operating systems, and shared host profiles. Each type of host profile appears differently
when you are creating a white list.
The following table explains how to identify and access the different kinds of host profiles.
For more information, see the following sections:
•
•
•
Understanding the Global Host Profile
License: FireSIGHT
Every white list contains a global host profile, which specifies the application protocols, clients, web
applications, and protocols that are allowed to run on target hosts, regardless of the host’s operating
system.
For example, instead of editing multiple Microsoft Windows and Linux host profiles to allow Internet
Explorer, you can configure the global host profile to allow it regardless of the operating system on
which it was detected. Note that the ARP, IP, TCP, and UDP protocols are always allowed to run on every
host; you cannot disallow them. For more information, see
Understanding Host Profiles for Specific Operating Systems
License: FireSIGHT
You must create one host profile for each operating system you want to allow on your network. To
disallow an operating system on your network, do not create a host profile for that operating system. For
example, to make sure that all the hosts on your network are running Microsoft Windows, configure the
white list to only contain host profiles for that operating system.
When you create a host profile for an operating system, you can also require that it have a particular
version. For example, you could require that compliant hosts run Windows 7 or Server 2008 R2.
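The rules from the global and operating-system-specific profile sections above, modeled as an added example (not Cisco code and not part of the original guide). The class names, field names, sample hosts, and the choice to keep checking running items after a version mismatch are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Per the guide, these protocols are always allowed and cannot be disallowed.
ALWAYS_ALLOWED = {"ARP", "IP", "TCP", "UDP"}

@dataclass
class HostProfile:  # hypothetical name: profile for one operating system
    os_name: str
    versions: set = field(default_factory=set)  # empty set = any version
    allowed: set = field(default_factory=set)   # clients, app protocols, web apps, protocols

@dataclass
class WhiteList:  # hypothetical name
    global_allowed: set  # the "Any Operating System" (global) profile
    os_profiles: list    # one HostProfile per operating system allowed on the network

    def evaluate(self, host):
        """Return the host's violations; an empty list means compliant."""
        profile = next((p for p in self.os_profiles if p.os_name == host["os"]), None)
        if profile is None:  # no profile for this OS means the OS is disallowed
            return [f"operating system not allowed: {host['os']}"]
        violations = []
        if profile.versions and host["version"] not in profile.versions:
            violations.append(f"version not allowed: {host['os']} {host['version']}")
        # Allowed = always-allowed protocols + global profile + this OS's profile.
        permitted = ALWAYS_ALLOWED | self.global_allowed | profile.allowed
        for item in sorted(set(host["running"]) - permitted):
            violations.append(f"not allowed: {item}")
        return violations

# Constructed sample white list and hosts (not from the guide).
WHITE_LIST = WhiteList(
    global_allowed={"Internet Explorer", "HTTP"},
    os_profiles=[HostProfile("Microsoft Windows", {"7", "Server 2008 R2"}, {"SMB"})],
)
HOSTS = [
    {"ip": "192.0.2.10", "os": "Microsoft Windows", "version": "7",
     "running": ["TCP", "Internet Explorer", "SMB"]},
    {"ip": "192.0.2.11", "os": "Linux", "version": "3.2", "running": ["TCP", "HTTP"]},
    {"ip": "192.0.2.12", "os": "Microsoft Windows", "version": "XP",
     "running": ["UDP", "Telnet", "Internet Explorer"]},
]

if __name__ == "__main__":
    for h in HOSTS:
        result = WHITE_LIST.evaluate(h)
        print(h["ip"], "compliant" if not result else result)
```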
Table 27-1 Accessing Compliance White List Host Profiles

| To view... | Under Allowed Host Profiles, click... |
|---|---|
| the global host profile for the white list | Any Operating System |
| a host profile for a specific operating system | a host profile name that is listed in plain text rather than italics |
| a shared host profile used by the white list | a host profile name that is listed in italics |