Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 42 Enhancing Network Discovery
Using Custom Fingerprinting
  • In the Vendor String field, type the operating system’s vendor name. For example, the vendor for Microsoft Windows would be Microsoft.
  • In the Product String field, type the operating system’s product name. For example, the product name for Microsoft Windows 2000 would be Windows.
  • In the Version String field, type the operating system’s version number. For example, the version number for Microsoft Windows 2000 would be 2000.
Step 11
In the OS Vulnerability Mappings section, select the operating system, product, and versions you want to use for vulnerability mapping.
For example, if you want your custom fingerprint to assign the list of vulnerabilities from Redhat Linux 9 to matching hosts, select Redhat, Inc. as the vendor, Redhat Linux as the product, and 9 as the major version.
Tip
When creating a fingerprint, you assign a single vulnerability mapping for the fingerprint. After the fingerprint is created and activated, you can add additional vulnerability mappings for other versions of the operating system. See for more information.
You must specify a Vendor and Product name in this section if you want to use the fingerprint to identify vulnerabilities for matching hosts or if you do not assign custom operating system display information. To map vulnerabilities for all versions of an operating system, specify only the vendor and product name. For example, to add all versions of the Palm OS, you would select PalmSource, Inc. from the Vendor list, Palm OS from the Product list, and leave all other lists at their default settings.
Note
Not all options in the Major Version, Minor Version, Revision Version, Build, Patch, and Extension drop-down lists may apply to the operating system you choose. In addition, if no definition appears in a list that matches the operating system you want to fingerprint, you can leave these values empty. Be aware that if you do not create any OS vulnerability mappings in a fingerprint, the system cannot use the fingerprint to assign a vulnerabilities list to hosts identified by the fingerprint.
Step 12
Click Create.
The Custom Fingerprint status page reappears. The status page refreshes every ten seconds until it receives data from the host in question.
Tip
When you click Create, the status briefly shows New, then switches to Pending, where it remains until traffic is seen for the fingerprint. The status then switches to Ready.
Step 13
Using the IP address you specified as the target IP address, access the host you are trying to fingerprint and initiate a TCP connection to the appliance.
For example, access the web interface of the Defense Center from the host you want to fingerprint or SSH into the Defense Center from the host. If you are using SSH, use the following command:
ssh -b localIPv6address DCmanagementIPv6address
where localIPv6address is the IPv6 address specified in step 7 that is currently assigned to the host and DCmanagementIPv6address is the management IPv6 address of the Defense Center.
The Custom Fingerprint page should then reload with a “Ready” status.