Cisco Cisco Firepower Management Center 4000
42-31
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Importing Host Input Data
•
•
Mapping Third-Party Products
License:
FireSIGHT
If you import data from a third party, you must map the Cisco product to the third-party name to assign
vulnerabilities and perform impact correlation using that data. Mapping the product associates Cisco
vulnerability information with the third-party product name, which allows the system to perform impact
correlation using that data.
vulnerabilities and perform impact correlation using that data. Mapping the product associates Cisco
vulnerability information with the third-party product name, which allows the system to perform impact
correlation using that data.
If you import data using the host input import feature, you can also use the AddScanResult function to
map third-party products to operating system and application vulnerabilities during the import.
map third-party products to operating system and application vulnerabilities during the import.
As an example, if you import data from a third party that lists Apache Tomcat as an application and you
know it is version 6 of that product, you could add a third-party map where
know it is version 6 of that product, you could add a third-party map where
Vendor Name
is set to
Apache
,
Product Name
is set to
Tomcat
,
Apache
is selected from the
Vendor
drop-down list,
Tomcat
is selected from
the
Product
drop-down list, and
6
is selected from the
Version
drop-down list. That mapping would cause
any vulnerabilities for Apache Tomcat 6 to be assigned to hosts with an application listing for Apache
Tomcat.
Tomcat.
Note that for versionless or vendorless applications, you must map vulnerabilities for the application
types in the system policy. For more information, see
types in the system policy. For more information, see
Note that although many clients have associated vulnerabilities, and clients are used for impact
assessment, you cannot import and map third-party client vulnerabilities.
assessment, you cannot import and map third-party client vulnerabilities.
Tip
If you have already created a third-party mapping on another Defense Center, you can export it and then
import it onto this Defense Center. You can then edit the imported mapping to suit your needs. For more
information, see
import it onto this Defense Center. You can then edit the imported mapping to suit your needs. For more
information, see
To map a third-party product to a Cisco product definition:
Access:
Admin
Step 1
Select
Policies
> Application Detectors
, then click
User Third-Party Mappings
.
The User Third-Party Mappings page appears.
Step 2
You have two choices:
•
To edit an existing map set, click
Edit
next to the map set.
•
To create a new map set, click
Create Product Map Set
.
The Edit Third-Party Product Mappings page appears.
Step 3
Type a name for the mapping set in the
Mapping Set Name
field.
Step 4
Type a description in the
Description
field.
Step 5
You have two choices:
•
To map a third-party product, click
Add Product Map.
•
To edit an existing third-party product map, click
Edit
next to the map set.
The Add Product Map page appears.
Step 6
Type the vendor string used by the third-party product in the
Vendor String
field.