Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

1513

Working with Discovery Events

Working with Third-Party Vulnerabilities

Chapter 35

•

For some fields, you can specify

n/a

blank

in the field to identify events

where information is not available for that field; use

!n/a

!blank

identify the events where that field is populated.

•

Most fields are case-insensitive.

•

IP addresses may be specified using CIDR notation. For information on

entering IPv4 and IPv6 addresses in the Sourcefire 3D System, see

Address Conventions

on page 63.

•

Click the add object icon (

) that appears next to a search field to use an

object as a search criterion.

For detailed information on search syntax, including using objects in searches,

see

Searching for Events

on page 1842.

Specific Search Criteria for Vulnerabilities

Note the following information specific to searching for vulnerabilities:

•

Find Bugtraq ID numbers at

http://www.securityfocus.com/bid

•

Enter

TRUE

to search for vulnerabilities that are exploited, or

FALSE

exclude such vulnerabilities.

To search for third-party vulnerabilities:

CCESS

: Admin/Any Security Analyst

1. Select Analysis > Search.

The Search page appears.

2. From the Table drop-down list, select Third-Party Vulnerabilities.

The page reloads with the appropriate constraints.

3. Optionally, if you want to save the search, enter a name for the search in the

Name field.
If you do not enter a name, one is created automatically when you save the

search.

4. Enter your search criteria in the appropriate fields.

If you enter multiple criteria, the search returns only the records that match all
the criteria. Click the add icon (

) that appears next to a search field to use

an object as a search criterion.