Overview: Host Data Collection
As the system passively monitors the traffic that travels through your network, it compares specific packet header values and other unique data from network traffic against established definitions (called fingerprints) to determine information about the hosts on your network, including:
-
the number and types of hosts (including network devices such as bridges, routers, load balancers, and NAT devices)
-
basic network topology data, including the number of hops from the discovery point on the network to the hosts
-
the operating systems running on the hosts
-
applications on the hosts and users associated with these applications
If the system cannot identify a host's operating system, you can create custom client or server fingerprints. The system uses these fingerprints to identify new hosts. You can map fingerprints to systems in the vulnerability database (VDB) to allow the appropriate vulnerability information to be displayed whenever a host is identified using the custom fingerprint.
Note | In addition to collecting host data from monitored network traffic, the system can collect host data from exported NetFlow records, and you can actively add host data using Nmap scans and the host input feature. |