Cisco Cisco FirePOWER Appliance 8250
42-33
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Importing Host Input Data
Step 7
In the Product Mappings section, select the operating system, product, and versions you want to use for
fix mapping from the following lists (if applicable):
fix mapping from the following lists (if applicable):
•
Vendor
•
Product
•
Major Version
•
Minor Version
•
Revision Version
•
Build
•
Patch
•
Extension
For example, if you want your mapping to assign the selected fixes from Red Hat Linux 9 to hosts where
the patch is applied, select
the patch is applied, select
Redhat, Inc.
as the vendor,
Redhat Linux
as the product, and
9
as the version.
Step 8
Click
Save
to save the fix map.
Mapping Third-Party Vulnerabilities
License:
FireSIGHT
To add vulnerability information from a third party to the VDB, you must map the third-party
identification string for each imported vulnerability to any existing Cisco, Bugtraq, or Snort ID. After
you create a mapping for the vulnerability, the mapping works for all vulnerabilities imported to hosts
in your network map and allows impact correlation for those vulnerabilities.
identification string for each imported vulnerability to any existing Cisco, Bugtraq, or Snort ID. After
you create a mapping for the vulnerability, the mapping works for all vulnerabilities imported to hosts
in your network map and allows impact correlation for those vulnerabilities.
Note that you must also enable impact correlation for third-party vulnerabilities to allow correlation to
occur. For more information, see
occur. For more information, see
versionless or vendorless applications, you must also map vulnerabilities for the application types in the
system policy. For more information, see
system policy. For more information, see
Also, although many clients have associated vulnerabilities, and clients are used for impact assessment,
you cannot use third-party client vulnerabilities for impact assessment.
you cannot use third-party client vulnerabilities for impact assessment.
Tip
If you have already created a third-party mapping on another Defense Center, you can export it and then
import it onto this Defense Center. You can then edit the imported mapping to suit your needs. For more
information, see
import it onto this Defense Center. You can then edit the imported mapping to suit your needs. For more
information, see
To map a third-party vulnerability to an existing vulnerability:
Access:
Admin
Step 1
Select
Policies
> Application Detectors
, then click
User Third-Party Mappings
.
The User Third-Party Mappings page appears.
Step 2
You have two choices:
•
To edit an existing vulnerability set, click
Edit
next to the vulnerability set.
•
To create a new vulnerability set, click
Create Vulnerability Map Set
.
The Edit Third-Party Vulnerability Mappings page appears.