Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Setting up Nmap Scans
• For IPv6 hosts, an exact IP address (for example, 2001:DB8::fedd:eeff)
• For IPv4 hosts, an exact IP address (for example, 192.168.1.101) or an IP address block using CIDR notation (for example, 192.168.1.0/24 scans the 254 hosts between 192.168.1.1 and 192.168.1.254, inclusive)
• Note that you cannot use an exclamation mark (!) to negate an address value.
If you specifically target a scan to a host that is in a blacklisted network, that scan will not run.
Step 6
Optionally, to run the scan from a remote device instead of the Defense Center, specify the IP address or name of the device as it appears in the Information page for the device in the Defense Center web interface, in the Remote Device Name field.
Step 7
Click Create.
The scan instance is created.
Creating an Nmap Scan Target
License: FireSIGHT
You can create and save scan targets that identify specific hosts and ports. Then, when you perform an on-demand scan or schedule a scan, you can use one of the saved scan targets.
For scans of targets with IPv4 addresses, you can use an IP address, a list of IP addresses, CIDR notation, or Nmap scan octets to select the hosts to scan. You can also specify a range of addresses using a hyphen. Separate addresses and ranges in a list with commas or spaces.
For scans of IPv6 addresses, use an IP address. Ranges are not supported.
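An added example, not taken from the Cisco guide: a check to run on an IP Range value before saving it, applying the rules stated above (commas or spaces as separators, exact IPv6 addresses only, no exclamation-mark negation) and estimating how many hosts each entry puts in scope. The exact form of Nmap octet ranges and hyphenated ranges, and host counts for prefixes other than the guide's /24, are assumptions; classify, parse_targets and the sample value are hypothetical.

```python
import ipaddress
import re
# One IPv4 octet: a number, or an Nmap-style octet range such as 1-254 (assumed form).
OCTET = re.compile(r"^(\d{1,3})(?:-(\d{1,3}))?$")
# Constructed sample value for the IP Range field.
SAMPLE = "192.168.1.101, 192.168.1.0/24 10.0.0-1.1-254 2001:DB8::fedd:eeff"

def _octet_span(text):
    m = OCTET.match(text)
    lo = int(m.group(1)) if m else -1
    hi = int(m.group(2)) if m and m.group(2) else lo
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet {text!r}")
    return hi - lo + 1

def classify(token):
    """Return (kind, host_count) for one entry, or raise ValueError."""
    if "!" in token:
        raise ValueError(f"{token!r}: '!' negation is not accepted")
    if ":" in token:
        # IPv6: exact address only, so prefixes and ranges fail here.
        ipaddress.IPv6Address(token)
        return ("ipv6", 1)
    if "/" in token:
        net = ipaddress.IPv4Network(token, strict=False)
        # Matches the guide's count: a /24 covers 254 hosts.
        return ("cidr", net.num_addresses - (2 if net.prefixlen <= 30 else 0))
    first, sep, last = token.partition("-")
    if sep and first.count(".") == 3 and last.count(".") == 3:
        # Hyphenated address range, assumed to be written first-last.
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError(f"{token!r}: range end precedes start")
        return ("range", int(hi) - int(lo) + 1)
    parts = token.split(".")
    if len(parts) != 4:
        raise ValueError(f"{token!r}: not an IPv4 target")
    count = 1
    for part in parts:
        count *= _octet_span(part)
    return ("ipv4" if count == 1 else "octets", count)

def parse_targets(spec):
    """Split an IP Range value on commas or spaces and classify each entry."""
    tokens = [t for t in re.split(r"[,\s]+", spec.strip()) if t]
    return [(t, *classify(t)) for t in tokens]

if __name__ == "__main__":
    print(*parse_targets(SAMPLE), sep="\n")
```

Reviewing the per-entry host counts before saving a target helps catch an octet range or prefix that is wider than the intended scan scope.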
Note that Nmap-supplied server and operating system data remains static until you run another Nmap scan. If you plan to scan a host using Nmap, you may want to set up regularly scheduled scans to keep any Nmap-supplied operating system and server data up to date. For more information, see . Also note that if the host is deleted from the network map, any Nmap scan results for that host are discarded.
To create a scan target:
Access: Admin/Discovery Admin
Step 1
Select Policies > Actions > Scanners.
The Scanners page appears.
Step 2
On the toolbar, click Targets.
The Scan Target List page appears.
Step 3
Click Create Scan Target.
The Scan Target page appears.
Step 4
In the Name field, type the name you want to use for this scan target.
Step 5
In the IP Range text box, specify the host or hosts you want to scan, using the following syntax:
• for IPv6 hosts, an exact IP address (for example, 2001:DB8::fedd:eeff)
• for IPv4 hosts, an exact IP address (for example, 192.168.1.101) or comma-separated list of IP addresses