Cisco Cisco Firepower Management Center 4000
38-36
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Servers
For more information, see the
table.
Vendor
One of:
–
the server vendor as identified by the system, Nmap or another active source, or that you
specified using the host input feature
specified using the host input feature
–
blank, if the system cannot identify its vendor based on known server fingerprints, or if the
server was added to the network map using NetFlow data
server was added to the network map using NetFlow data
Version
One of:
–
the server version as identified by the system, Nmap or another active source, or that you
specified using the host input feature
specified using the host input feature
–
blank, if the system cannot identify its version based on known server fingerprints, or if the
server was added to the network map using NetFlow data
server was added to the network map using NetFlow data
Web Application
The web application based on the payload content detected by the system in the http traffic. Note
that if the system detects an application protocol of
that if the system detects an application protocol of
HTTP
but cannot detect a specific web
application, the system supplies a generic web browsing designation.
Category, Tags, Risk, or Business Relevance for Web Applications
The categories, tags, risk level, and business relevance assigned to the web application. These filters
can be used to focus on a specific set of data.
can be used to focus on a specific set of data.
For more information, see the
table.
Hits
The number of times the server was accessed. For servers added using the host input feature, this
value is always 0.
value is always 0.
Source Type
One of the following values:
–
User:
user_name
–
Application:
app_name
–
Scanner:
scanner_type
(Nmap or scanner added through network discovery configuration)
–
FireSIGHT, FireSIGHT Port Match, or FireSIGHT Pattern Match, for servers detected by the
FireSIGHT System
FireSIGHT System
–
NetFlow, for servers added to the network map based on NetFlow data
The system may reconcile data from multiple sources to determine the identity of a server; see
.
Device
The name of the device that either detected the server or processed the NetFlow or host input data
that added the server to the network map.
that added the server to the network map.