08-22-2024 11:17 AM
I just implemented a correlation policy to scan New Host Discovered and Unknown Operating System rules using NMAP. I have a test box in the network protected by FTD. To test the policy, I deleted the test box host record then started generating traffic. This particular host apparently can no longer be discovered. I do know the correlation policy is working as other new hosts have been detected and I can see the results of the Correlation Events. I'm not sure why deleting the one host record prevents it from being discovered again. I can't figure out how to add it back.
Thanks - David
08-23-2024 09:49 AM
Yes, network discovery was enabled sometime prior to implementing the correlation policy. It had already detected my test box previously. I also schedule weekly nmap scans on the FMC for the network. The host profile was built out. I just deleted the host record as I wanted to see the effects of discovering the host, then the impact of the correlation policy. It seems like deleting the host record didn't actually remove it, but prevents it from being displayed. Meanwhile, other new hosts have been detected and I can see the results of the correlation policy; it is working as expected. I guess I could try changing the IP of the host and see if it gets rediscovered.
08-23-2024 10:12 AM - edited 08-23-2024 03:53 PM
Analysis -> Hosts -> Network Map
Here I think you will find the host map.
MHM