Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 36      Using the Network Map
  • If you delete a specific application, vendor, or version, the affected application is removed from the network map and from any host profiles that contain it.
    For example, if you expand the http category and delete Apache, all applications listed as Apache with any version listed beneath Apache are removed from any host profiles that contain them. Similarly, if instead of deleting Apache, you delete a specific version (1.3.17, for example), only the version you selected will be deleted from affected host profiles.
  • If you delete a specific IP address, the IP address is removed from the application list and the application itself is removed from the host profile of the IP address you selected.
    For example, if you expand http, then Apache, then 1.3.17 (Win32), and then delete 172.16.1.50:80/tcp, the Apache 1.3.17 (Win32) application is deleted from the host profile of IP address 172.16.1.50.
To view the applications network map:
Access: Admin/Any Security Analyst
Step 1
Select Analysis > Hosts > Network Map > Applications.
The applications network map appears.
Step 2
Drill down to the specific application you want to investigate.
For example, if you want to view a specific type of web server like Apache, click http, then click Apache, and then click the version of the Apache web server you want to view.
To filter by IP or MAC addresses, type an address in the search field. To clear the search, click the clear icon.
Step 3
Click a specific IP address under the application you selected.
The host profile of the host running the application appears with the applications section expanded. For more information about the applications section of the host profile, see .
Step 4
Optionally, to delete any application category, any application running on all hosts, or any application running on a specific host, click the delete icon next to the element you want to delete, then confirm that you want to delete it.
The application is deleted. If the system rediscovers the application, it is re-added to the network map.
Working with the Vulnerabilities Network Map
License: FireSIGHT
Use the vulnerabilities network map to view the vulnerabilities that the system has detected on your network, organized by Sourcefire vulnerability ID (SVID), Bugtraq ID, CVE ID, or Snort ID. The vulnerabilities are arranged by identification number, with affected hosts listed beneath each vulnerability.
From the vulnerabilities network map, you can view the details of specific vulnerabilities; you can also view the host profile of any host subject to a specific vulnerability. This can help you evaluate the threat posed by that vulnerability to specific affected hosts.
If you deem that a specific vulnerability is not applicable to the hosts on your network (for example, you have applied a patch), you can deactivate the vulnerability. Deactivated vulnerabilities still appear on the network map, but the IP addresses of their previously affected hosts appear in gray italics. The host