Cisco Cisco Firepower Management Center 4000
53-13
FireSIGHT System User Guide
Chapter 53 Updating System Software
Updating the Vulnerability Database
Step 4
Clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit
unexpected behavior.
unexpected behavior.
Step 5
Select
Help > About
and confirm that the software version is listed correctly.
Step 6
Verify that the appliance where you uninstalled the patch is successfully communicating with its
managed devices (for the Defense Center) or its managing Defense Center (for managed devices).
managed devices (for the Defense Center) or its managing Defense Center (for managed devices).
Updating the Vulnerability Database
License:
Any
The Cisco Vulnerability Database (VDB) is a database of known vulnerabilities to which hosts may be
susceptible, as well as fingerprints for operating systems, clients, and applications. The FireSIGHT
System correlates the fingerprints with the vulnerabilities to help you determine whether a particular
host increases your risk of network compromise. The Cisco Vulnerability Research Team (VRT) issues
periodic updates to the VDB.
susceptible, as well as fingerprints for operating systems, clients, and applications. The FireSIGHT
System correlates the fingerprints with the vulnerabilities to help you determine whether a particular
host increases your risk of network compromise. The Cisco Vulnerability Research Team (VRT) issues
periodic updates to the VDB.
To update the VDB, use the Product Updates page on the Defense Center. When you upload VDB
updates obtained from Support to your appliance, they appear on the page along with updates and
uninstaller updates for the FireSIGHT System.
updates obtained from Support to your appliance, they appear on the page along with updates and
uninstaller updates for the FireSIGHT System.
The time it takes to update vulnerability mappings depends on the number of hosts in your network map.
You may want to schedule the update during low system usage times to minimize the impact of any
system downtime. As a rule of thumb, divide the number of hosts on your network by 1000 to determine
the approximate number of minutes to perform the update.
You may want to schedule the update during low system usage times to minimize the impact of any
system downtime. As a rule of thumb, divide the number of hosts on your network by 1000 to determine
the approximate number of minutes to perform the update.
Note
When you install a VDB update with changes to application detectors or operating system fingerprints,
Cisco recommends that you check whether any of your managed devices are out-of-date and need to be
reapplied. Installing a VDB update with detection updates may cause a short pause in traffic flow and
processing on your managed devices, and may also cause a few packets to pass uninspected.
Cisco recommends that you check whether any of your managed devices are out-of-date and need to be
reapplied. Installing a VDB update with detection updates may cause a short pause in traffic flow and
processing on your managed devices, and may also cause a few packets to pass uninspected.
This section explains how to plan for and perform manual VDB updates. You can take advantage of the
automated update feature to schedule VDB updates; see
automated update feature to schedule VDB updates; see
To update the vulnerability database:
Access:
Admin
Step 1
Read the VDB Update Advisory Text for the update.
The advisory text includes information about the changes to the VDB made in the update, as well as
product compatibility information.
product compatibility information.
Step 2
Select
System > Updates
.
The Product Updates page appears.
Step 3
Upload the update to the Defense Center:
•
If your Defense Center has access to the Internet, click
Download Updates
to check for the latest
updates one either of the following Support Sites:
– Sourcefire: