Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Vulnerabilities
Tip
If you are using a custom workflow that does not include the table view of vulnerabilities, click (switch workflow), then select Vulnerabilities.
Understanding the Vulnerabilities Table
License: FireSIGHT
The FireSIGHT System includes its own vulnerability tracking database which is used, in conjunction
with the system’s fingerprinting capability, to identify the vulnerabilities associated with the hosts on
your network.
The operating systems, servers, and clients running on your hosts have different sets of associated
vulnerabilities. You can deactivate vulnerabilities for a host after you patch the host or otherwise judge
it immune to a vulnerability. You can use the Defense Center to track and review the vulnerabilities for
each host.
For more information on vulnerabilities, see
and
.
Descriptions of the fields in the vulnerabilities table follow.
SVID
The Cisco vulnerability identification number that the system uses to track vulnerabilities.
Click the view icon (
) to access the vulnerability details for the SVID. See
for more information.
Bugtraq ID
Snort ID
The identification number associated with the vulnerability in the Snort ID (SID) database. That is,
if an intrusion rule can detect network traffic that exploits a particular vulnerability, that
vulnerability is associated with the intrusion rule’s SID.
Note that a vulnerability can be associated with more than one SID (or no SIDs at all). If a
vulnerability is associated with more than one SID, the vulnerabilities table includes a row for each
SID.
Title
The title of the vulnerability.
IP Address
The IP address associated with the host affected by the vulnerability.
Date Published
The date the vulnerability was published.
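Because the table holds one row per SID, counting rows overstates how many vulnerabilities a host has. The following added example (not part of the Cisco guide) collapses such rows into one finding per SVID and host and lists the findings that have no associated SID. The CSV layout, the function names, and all sample values are assumptions constructed for illustration; only the column names come from the field list above.

```python
import csv
import io

# Constructed sample data. Column names follow the fields described on this
# page; the CSV layout itself and every value below are assumptions.
SAMPLE_CSV = """SVID,Bugtraq ID,Snort ID,Title,IP Address,Date Published
1001,,2001,Example Server Overflow,192.0.2.10,2013-01-15
1001,,2002,Example Server Overflow,192.0.2.10,2013-01-15
1001,,2001,Example Server Overflow,192.0.2.20,2013-01-15
1002,,,Example Client Parsing Flaw,192.0.2.10,2013-03-02
"""


def raw_row_count(csv_text):
    """Number of table rows, which counts a vulnerability once per SID."""
    return sum(1 for _ in csv.DictReader(io.StringIO(csv_text)))


def collapse_by_sid(csv_text):
    """Return one record per (SVID, IP Address), merging the per-SID rows."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["SVID"].strip(), row["IP Address"].strip())
        record = findings.setdefault(key, {
            "title": row["Title"].strip(),
            "date_published": row["Date Published"].strip(),
            "sids": set(),
        })
        sid = row["Snort ID"].strip()
        if sid:  # a vulnerability may have no SIDs at all
            record["sids"].add(sid)
    return findings


def without_rule_coverage(findings):
    """(SVID, IP) pairs with no associated intrusion rule SID."""
    return sorted(key for key, rec in findings.items() if not rec["sids"])


if __name__ == "__main__":
    merged = collapse_by_sid(SAMPLE_CSV)
    print("table rows:", raw_row_count(SAMPLE_CSV))
    print("distinct host findings:", len(merged))
    for (svid, ip), rec in sorted(merged.items()):
        print(svid, ip, rec["title"], sorted(rec["sids"]) or "no SID")
    print("no rule coverage:", without_rule_coverage(merged))
```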