для Cisco Cisco Firepower Management Center 4000
42-9
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Using Custom Fingerprinting
•
The actual operating system vendor, product, and version of the host.
•
Access to the host in order to generate client traffic.
To obtain a client fingerprint for a host:
Access:
Admin/Discovery Admin
Step 1
Select
Policies
>
Network Discovery
, then click
Custom Operating Systems
.
The Custom Fingerprint page appears.
Step 2
Click
Create Custom Fingerprint
.
The Create Custom Fingerprint page appears.
Step 3
From the
Device
drop-down list, select the Defense Center or the device that you want to use to collect
the fingerprint.
Step 4
In the
Fingerprint Name
field, type an identifying name for the fingerprint.
Step 5
In the
Fingerprint Description
field, type a description for the fingerprint.
Step 6
From the
Fingerprint Type
list, select
Client
.
Step 7
In the
Target IP Address
field, type an IP address of the host you want to fingerprint. Note that the
fingerprint will only be based on traffic to and from the host IP address you specify, not any of the host’s
other IP addresses (if it has any).
other IP addresses (if it has any).
Caution
You can capture IPv6 fingerprints only with appliances running Version 5.2 and later of the FireSIGHT
System. These appliances must have IPv6 capability enabled. For information on enabling IPv6 on
managed devices and Defense Centers, see
System. These appliances must have IPv6 capability enabled. For information on enabling IPv6 on
managed devices and Defense Centers, see
.
Step 8
In the
Target Distance
field, enter the number of network hops between the host and the device that you
selected in step
to collect the fingerprint.
Caution
This must be the actual number of physical network hops to the host, which may or may not be the same
as the number of hops detected by the system.
as the number of hops detected by the system.
Step 9
From the
Interface
list, select the network interface that is connected to the network segment where the
host resides.
Caution
Cisco recommends that you do not use the sensing interface on a managed device for fingerprinting for
several reasons. First, fingerprinting does not work if the sensing interface is on a span port. Also, if you
use the sensing interface on a device, the device stops monitoring the network for the amount of time it
takes to collect the fingerprint. You can, however, use the management interface or any other available
network interfaces to perform fingerprint collection. If you do not know which interface is the sensing
interface on your device, refer to the Installation Guide for the specific model you are using to
fingerprint.
several reasons. First, fingerprinting does not work if the sensing interface is on a span port. Also, if you
use the sensing interface on a device, the device stops monitoring the network for the amount of time it
takes to collect the fingerprint. You can, however, use the management interface or any other available
network interfaces to perform fingerprint collection. If you do not know which interface is the sensing
interface on your device, refer to the Installation Guide for the specific model you are using to
fingerprint.
Step 10
If you want to display custom information in the host profile for fingerprinted hosts (or if the host you
want to fingerprint does not reside in the OS Vulnerability Mappings section), select
want to fingerprint does not reside in the OS Vulnerability Mappings section), select
Use Custom OS
Display
in the Custom OS Display section and provide the values you want to display in host profiles for
the following: