Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
1767
Configuring Active Scanning
Understanding Nmap Scans
Chapter 41
Use Port From
Event
If you plan to use the remediation as a response in a
correlation policy, enable to cause the remediation to scan
only the port specified in the event that triggers the
correlation response.
TIP!
You can also control whether Nmap collects information
about operating system and server information. Enable the
Use Port From Event option to scan the port associated with
the new server.
N/A
Scan from
reporting
detection engine
Enable to scan a host from the appliance where the
detection engine that reported the host resides.
N/A
Fast Port Scan
Enable to scan only the TCP ports listed in the
nmap-services
file located in the
/var/sf/nmap/share/
nmap/nmap-services
directory on the device that does the
scanning, ignoring other port settings. Note that you cannot
use this option with the Port Ranges and Scan Order option.
-F
Port Ranges and
Scan Order
Set the specific ports you want to scan, using Nmap port
specification syntax, and the order you want to scan them.
Note that you cannot use this option with the Fast Port Scan
option.
-p
Probe open ports
for vendor and
version
information
Enable to detect server vendor and version information. If
you probe open ports for server vendor and version
information, Nmap obtains server data that it uses to identify
servers. It then replaces the Sourcefire server data for that
server.
-sV
Service Version
Intensity
Select the intensity of Nmap probes for service versions.
Higher service intensity numbers cause more probes to be
used and result in higher accuracy, while lower intensity
probes are faster but obtain less information.
--version-
intensity
intensity
<intensity>
Detect
Operating
System
Enable to detect operating system information for the host.
If you configure detection of the operating system for a host,
If you configure detection of the operating system for a host,
Nmap scans the host and uses the results to create a rating
for each operating system that reflects the likelihood that the
operating system is running on the host. For more
information on when and how Nmap-identified identity data
appears in the network map, see
-o
Nmap Remediation Options (Continued)
O
PTION
D
ESCRIPTION
C
ORRESPONDING
N
MAP
O
PTION