Cisco Cisco Firepower Management Center 4000
38-46
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Vulnerabilities
Tip
To search the database for a different kind of event, select it from the
Table
drop-down list.
Step 3
Optionally, if you want to save the search, enter a name for the search in the
Name
field.
If you do not enter a name, the Defense Center automatically creates one when you save the search.
Step 4
Enter your search criteria in the appropriate fields. If you enter multiple criteria, the Defense Center
returns only the records that match all the criteria. Click the add icon (
returns only the records that match all the criteria. Click the add icon (
) that appears next to a search
field to use an object as a search criterion.
Step 5
If you want to save the search so that other users can access it, clear the
Save As Private
check box.
Otherwise, leave the check box selected to save the search so that only you can use it.
Tip
If you want to save a search as a restriction for custom user roles with restricted privileges, you must
save it as a private search.
save it as a private search.
Step 6
You have the following options:
•
Click
Search
to start the search.
Your search results appear in the default clients workflow. To use a different workflow, including a
custom workflow, click
custom workflow, click
(switch workflow)
. For information on specifying a different default
workflow, see
.
•
Click
Save
if you are modifying an existing search and want to save your changes.
•
Click
Save as New Search
to save the search criteria. The search is saved (and associated with your
user account if you selected
Save As Private
), so that you can run it at a later time.
Working with Vulnerabilities
License:
FireSIGHT
The FireSIGHT System includes its own vulnerability tracking database which is used, in conjunction
with the system’s fingerprinting capability, to identify the vulnerabilities associated with the hosts on
your network.
with the system’s fingerprinting capability, to identify the vulnerabilities associated with the hosts on
your network.
The operating systems, servers, and clients running on your hosts have different sets of associated
vulnerabilities. You can deactivate vulnerabilities for a host after you patch the host or otherwise judge
it immune to a vulnerability. You can use the Defense Center to track and review the vulnerabilities for
each host.
vulnerabilities. You can deactivate vulnerabilities for a host after you patch the host or otherwise judge
it immune to a vulnerability. You can use the Defense Center to track and review the vulnerabilities for
each host.
Note that vulnerabilities for vendorless and versionless servers are not mapped unless the applications
protocols used by the servers are mapped in the system policy. Vulnerabilities for vendorless and
versionless clients cannot be mapped. For more information, see
protocols used by the servers are mapped in the system policy. Vulnerabilities for vendorless and
versionless clients cannot be mapped. For more information, see
For more information, see:
•
•
•