Cisco Cisco Firepower Management Center 4000
38-50
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Vulnerabilities
•
Constrain the vulnerabilities workflow based on the IP addresses of the host or hosts for which you
want to deactivate vulnerabilities. For hosts with multiple associated IP addresses, this function
applies only to the single, selected IP address of that host.
want to deactivate vulnerabilities. For hosts with multiple associated IP addresses, this function
applies only to the single, selected IP address of that host.
To constrain the view based on IP address, perform a search for vulnerabilities, specifying an IP address
or range of IP addresses for the hosts for which you want to deactivate vulnerabilities. For more
information on searching for vulnerabilities, see
or range of IP addresses for the hosts for which you want to deactivate vulnerabilities. For more
information on searching for vulnerabilities, see
To deactivate vulnerabilities:
Access:
Admin/Any Security Analyst
Step 1
On the Vulnerabilities on the Network page, select the check boxes next to vulnerabilities you want to
deactivate, then click
deactivate, then click
Review
.
Searching for Vulnerabilities
License:
FireSIGHT
You can search for vulnerabilities that affect the hosts on your network. You may want to create searches
customized for your network environment, then save them to reuse later.
customized for your network environment, then save them to reuse later.
General Search Syntax
The system displays examples of valid syntax next to each search field. When entering search criteria,
keep the following points in mind:
keep the following points in mind:
•
All fields accept negation (
!
).
•
All fields accept comma-separated lists. If you enter multiple criteria, the search returns only the
records that match all the criteria.
records that match all the criteria.
•
Many fields accept one or more asterisks (
*
) as wild cards.
•
For some fields, you can specify
n/a
or
blank
in the field to identify events where information is not
available for that field; use
!n/a
or
!blank
to identify the events where that field is populated.
•
Most fields are case-insensitive.
•
IP addresses may be specified using CIDR notation. For information on entering IPv4 and IPv6
addresses in the FireSIGHT System, see
addresses in the FireSIGHT System, see
.
•
Click the add object icon (
) that appears next to a search field to use an object as a search
criterion.
For detailed information on search syntax, including using objects in searches, see
.
Specific Search Criteria for Vulnerabilities
Note the following information specific to searching for vulnerabilities:
•
Enter
TRUE
to search for vulnerabilities that are exploited, or
FALSE
to exclude such vulnerabilities.
To search for vulnerabilities:
Access:
Admin/Any Security Analyst