Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Using Custom Fingerprinting
• In the Vendor String field, type the operating system’s vendor name. For example, the vendor for Microsoft Windows would be Microsoft.
• In the Product String field, type the operating system’s product name. For example, the product name for Microsoft Windows 2000 would be Windows.
• In the Version String field, type the operating system’s version number. For example, the version number for Microsoft Windows 2000 would be 2000.
Step 11
In the OS Vulnerability Mappings section, select the operating system, product, and versions you want to use for vulnerability mapping.
For example, if you want your custom fingerprint to assign the list of vulnerabilities from Redhat Linux 9 to matching hosts, select Redhat, Inc. as the vendor, Redhat Linux as the product, and 9 as the major version.
Tip
When creating a fingerprint, you assign a single vulnerability mapping for the fingerprint. After the fingerprint is created and activated, you can add additional vulnerability mappings for other versions of the operating system. See
for more information.
You must specify a Vendor and Product name in this section if you want to use the fingerprint to identify vulnerabilities for matching hosts or if you do not assign custom operating system display information.
To map vulnerabilities for all versions of an operating system, specify only the vendor and product name. For example, to add all versions of the Palm OS, you would select PalmSource, Inc. from the Vendor list, Palm OS from the Product list, and leave all other lists at their default settings.
Note
Not all options in the Major Version, Minor Version, Revision Version, Build, Patch, and Extension drop-down lists may apply to the operating system you choose. In addition, if no definition appears in a list that matches the operating system you want to fingerprint, you can leave these values empty. Be aware that if you do not create any OS vulnerability mappings in a fingerprint, the system cannot use the fingerprint to assign a vulnerabilities list to hosts identified by the fingerprint.
Step 12
Click Create.
The Custom Fingerprint status page reappears. The status page refreshes every ten seconds until it receives data from the host in question.
Tip
When you click Create, the status briefly shows New, then switches to Pending, where it remains until traffic is seen for the fingerprint, then the status switches to Ready.
Step 13
Using the IP address you specified as the target IP address, access the host you are trying to fingerprint and initiate a TCP connection to the appliance.
For example, access the web interface of the Defense Center from the host you want to fingerprint or SSH into the Defense Center from the host. If you are using SSH, use the following command:
ssh -b localIPv6address DCmanagementIPv6address
where localIPv6address is the IPv6 address specified in step 7 that is currently assigned to the host and DCmanagementIPv6address is the management IPv6 address of the Defense Center.
The Custom Fingerprint page should then reload with a “Ready” status.