Cisco Firepower Management Center 4000
50-28
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
For example, a host serves SMTP traffic that does not have a vendor or version in the header. If you
enable the SMTP server on the Vulnerability Mapping page of a system policy, then apply that policy to
the Defense Center managing the device that detects the traffic, all vulnerabilities associated with SMTP
servers are added to the host profile for the host.
Although detectors collect server information and add it to host profiles, the application protocol
detectors will not be used for vulnerability mapping, because you cannot specify a vendor or version for
a custom application protocol detector and cannot select the server for vulnerability mapping in the
system policy.
To configure vulnerability mapping for servers:
Access: Admin
Step 1  Select System > Local > System Policy.
The System Policy page appears.
Step 2  You have the following options:
• To modify vulnerability mapping settings in an existing system policy, click the edit icon next to the system policy.
• To configure vulnerability mapping settings as part of a new system policy, click Create Policy. Provide a name and description for the system policy as described in , and click Save.
In either case, the Access List page appears.
Step 3  Click Vulnerability Mapping.
The Vulnerability Mapping page appears.
Step 4  You have the following options:
• To prevent vulnerabilities for a server from being mapped to hosts that receive application protocol traffic without vendor or version information, clear the check box for that server.
• To cause vulnerabilities for a server to be mapped to hosts that receive application protocol traffic without vendor or version information, select the check box for that server.
Tip  You can select or clear all check boxes at once using the check box next to Enabled.
Step 5  Click Save Policy and Exit.
The system policy is updated. Your changes do not take effect until you apply the system policy to the Defense Center and its managed devices. See for more information.