Cisco Cisco FirePOWER Appliance 8250
38-47
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Vulnerabilities
•
Viewing Vulnerabilities
License:
FireSIGHT
You can use the Defense Center to view a table of vulnerabilities. Then, you can manipulate the event
view depending on the information you are looking for.
view depending on the information you are looking for.
The page you see when you access vulnerabilities differs depending on the workflow you use. You can
use the predefined workflow, which includes a table view of vulnerabilities. The table view contains a
row for each vulnerability in the database, regardless of whether any of your detected hosts exhibit the
vulnerabilities. The second page of the predefined workflow contains a row for each vulnerability (that
you have not deactivated) that applies to detected hosts on your network. The predefined workflow
terminates in a vulnerability detail view, which contains a detailed description for every vulnerability
that meets your constraints.
use the predefined workflow, which includes a table view of vulnerabilities. The table view contains a
row for each vulnerability in the database, regardless of whether any of your detected hosts exhibit the
vulnerabilities. The second page of the predefined workflow contains a row for each vulnerability (that
you have not deactivated) that applies to detected hosts on your network. The predefined workflow
terminates in a vulnerability detail view, which contains a detailed description for every vulnerability
that meets your constraints.
Tip
If you want to see the vulnerabilities that apply to a single host or set of hosts, perform a search for
vulnerabilities, specifying an IP address or range of IP addresses for the hosts. For more information on
searching for vulnerabilities, see
vulnerabilities, specifying an IP address or range of IP addresses for the hosts. For more information on
searching for vulnerabilities, see
You can also create a custom workflow that displays only the information that matches your specific
needs. For information on creating a custom workflow, see
needs. For information on creating a custom workflow, see
.
The following table describes some of the specific actions you can perform on an vulnerabilities
workflow page. You can also perform the tasks described in the
workflow page. You can also perform the tasks described in the
table.
To view vulnerabilities:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Vulnerabilities > Vulnerabilities
.
The first page of the default vulnerabilities workflow appears. To use a different workflow, including a
custom workflow, click
custom workflow, click
(switch workflow)
. For information on specifying a different default workflow, see
.
Table 38-11
Vulnerability Actions
To...
You can...
learn more about the contents of the
columns in the table
columns in the table
find more information in
view the vulnerability details for a
vulnerability
vulnerability
click the view icon (
) in the SVID column. Alternatively,
constrain on the vulnerability ID and drill down to the
vulnerability details page. For more information, see
vulnerability details page. For more information, see
deactivate selected vulnerabilities so
they are no longer used for intrusion
impact correlation for currently
vulnerable hosts
they are no longer used for intrusion
impact correlation for currently
vulnerable hosts
find more information in
.
view the full text of a vulnerability title right-click the title and select
Show Full Text
.