Cisco Cisco Firepower Management Center 4000
43-11
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Setting up Nmap Scans
•
for IPv4 hosts, an IP address block using CIDR notation (for example,
192.168.1.0/24
scans the
254 hosts between 192.168.1.1 and 192.168.1.254, inclusive)
For information on using CIDR notation in the FireSIGHT System, see
.
•
for IPv4 hosts, an IP address range using octet range addressing (for example,
192.168.0-255.1-254
scans all addresses in the
192.168.x.x
range, except those that end in .0 and
or .255)
•
for IPv4 hosts, an IP address range using hyphenation (for example,
192.168.1.1
-
192.168.1.5
scans the 6 hosts between 192.168.1.1 and 192.168.1.5, inclusive)
•
for IPv4 hosts, a list of addresses or ranges separated by commas or spaces (for example, for
example,
example,
192.168.1.0/24, 194.168.1.0/24
scans the 254 hosts between 192.168.1.1 and
192.168.1.254, inclusive and the 254 hosts between 194.168.1.1 and 194.168.1.254, inclusive)
Note
The
IP Range
text box accepts up to 255 characters. In addition, note that if you use a comma in
a list of IP addresses or ranges in a scan target, the comma converts to a space when you save
the target.
the target.
Step 6
In the
Ports
field, specify the ports you want to scan.
You can enter any of the following, using values from 1 to 65535:
•
a port number
•
a list of ports separated by commas
•
a range of port numbers separated by a dash
•
ranges of port numbers separated by dashes, separated by commas
Step 7
Click
Save
.
The scan target is created.
Creating an Nmap Remediation
License:
FireSIGHT
You can define the settings for an Nmap scan by creating an Nmap remediation. An Nmap remediation
can be used as a response in a correlation policy, run on demand, or scheduled to run at a specific time.
In order for the results of an Nmap scan to appear in the network map, the scanned host must already
exist in the network map.
can be used as a response in a correlation policy, run on demand, or scheduled to run at a specific time.
In order for the results of an Nmap scan to appear in the network map, the scanned host must already
exist in the network map.
For more information on the specific settings in an Nmap remediation, see
Note that Nmap-supplied server and operating system data remains static until you run another Nmap
scan. If you plan to scan a host for operating system and server data using Nmap, you may want to set
up regularly scheduled scans to keep any Nmap-supplied operating system and server data up-to-date.
For more information, see
scan. If you plan to scan a host for operating system and server data using Nmap, you may want to set
up regularly scheduled scans to keep any Nmap-supplied operating system and server data up-to-date.
For more information, see
. Also note that if the host is deleted from
the network map, any Nmap scan results for that host are discarded.