[TABS_R id=8782]
You are analyzing recent intrusion events in FireSIGHT Defense Center and notice several events with blue icons.
To which of the following vulnerability classifications do the blue icons correspond? (Select the best answer.)
- unknown target
- vulnerable
- potentially vulnerable
- not vulnerable
Explanation:
A blue icon is used in intrusion event records by Cisco FireSIGHT Defense Center to classify a vulnerability as an unknown target. An unknown target classification indicates that either the source or target host is on a monitored network but has no corresponding entry in the network map. FireSIGHT uses impact levels to describe the potential severity of attacks. In the FireSIGHT system, managed devices, like Cisco FirePOWER Intrusion Prevention Systems (IPSs), respond to an intrusion event by flagging the event with an impact level and sending the event to the FireSIGHT Defense Center. The impact level is based on accumulated intrusion data, network discovery data, and vulnerability information. The aggregated intrusion event data typically contains contextual information about the event and includes a copy of the packet that triggered the event.
The following table provides a summary of the FireSIGHT impact levels and their meaning:
[TABS_R id=8782]