Cisco Firepower Management Center 4000
FireSIGHT System User Guide

Chapter 43
Configuring Active Scanning
The FireSIGHT System builds a network map through passive analysis of traffic on your network.
However, you may sometimes need to actively scan a host to determine information about that host. For
example, if a host has a server running on an open port but the server has not received or sent traffic
during the time that the system has been monitoring your network, the system does not add information
about that server to the network map. If you directly scan that host using an active scanner, however, you
can detect the presence of the server.
When you actively scan a host, you send packets in an attempt to obtain information about the host. The
FireSIGHT System integrates with Nmap™ 6.01, an open source active scanner for network exploration
and security auditing that can be used to detect operating systems and servers running on a host. With
an Nmap scan, you can check for detailed information about the operating system and servers running
on the host and refine the system’s vulnerability reporting based on those results.
Note: Some scanning options (such as port scans) may place a significant load on low-bandwidth
networks. You should always schedule scans like these to run during periods of low network use.
For more information, see the following sections:
Understanding Nmap Scans
License: FireSIGHT
Nmap allows you to actively scan ports on hosts on your network to determine operating system and
server data for the hosts, which allows you to enhance your network map and fine-tune the accuracy of
the vulnerabilities mapped to scanned hosts. Note that a host must exist in the network map before Nmap
can append its results to the host profile. You can also view scan results in a results file.
When you scan a host using Nmap, servers on previously undetected open ports are added to the Servers
list in the host profile for that host. The host profile lists any servers detected on filtered or closed TCP
ports or on UDP ports in the Scan Results section. By default, Nmap scans more than 1660 TCP ports.