Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
1513
Working with Discovery Events
Working with Third-Party Vulnerabilities
Chapter 35
•
For some fields, you can specify
n/a
or
blank
in the field to identify events
where information is not available for that field; use
!n/a
or
!blank
to
identify the events where that field is populated.
•
Most fields are case-insensitive.
•
IP addresses may be specified using CIDR notation. For information on
entering IPv4 and IPv6 addresses in the Sourcefire 3D System, see
•
Click the add object icon (
) that appears next to a search field to use an
object as a search criterion.
For detailed information on search syntax, including using objects in searches,
Specific Search Criteria for Vulnerabilities
Note the following information specific to searching for vulnerabilities:
•
Find Bugtraq ID numbers at
.
•
Enter
TRUE
to search for vulnerabilities that are exploited, or
FALSE
to
exclude such vulnerabilities.
To search for third-party vulnerabilities:
A
CCESS
: Admin/Any Security Analyst
1. Select Analysis > Search.
The Search page appears.
2. From the Table drop-down list, select Third-Party Vulnerabilities.
The page reloads with the appropriate constraints.
3. Optionally, if you want to save the search, enter a name for the search in the
Name field.
If you do not enter a name, one is created automatically when you save the
If you do not enter a name, one is created automatically when you save the
search.
4. Enter your search criteria in the appropriate fields.
If you enter multiple criteria, the search returns only the records that match all
the criteria. Click the add icon (
the criteria. Click the add icon (
) that appears next to a search field to use
an object as a search criterion.