Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 41      Configuring Remediations
  Creating Remediations
Note that this option scans port 80 by default and that TCP SYN scans are less likely to be blocked by a firewall with stateful firewall rules.
  • To send an empty TCP packet with the ACK flag set and elicit an RST response on available hosts, select TCP ACK.
    Note that this option scans port 80 by default and that TCP ACK scans are less likely to be blocked by a firewall with stateless firewall rules.
  • To send a UDP packet to elicit port unreachable responses from closed ports on available hosts, select UDP. This option scans port 40125 by default.
Step 17
If you want to scan a custom list of ports during host discovery, type a list of ports appropriate for the host discovery method you selected, separated by commas, in Host Discovery Port List.
Step 18
Configure the Default NSE Scripts option to control whether to use the default set of Nmap scripts for host discovery and server, operating system, and vulnerability discovery:
  • To run the default set of Nmap scripts, select On.
  • To skip the default set of Nmap scripts, select Off.
Step 19
To set the timing of the scan process, select a timing template number; select a higher number for a faster, less comprehensive scan and a lower number for a slower, more comprehensive scan.
Step 20
Click Save, then click Done.
The remediation is created.
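The following added example is not from the Cisco guide or from FireSIGHT. It validates a Host Discovery Port List as entered in Step 17 and builds the standalone Nmap arguments that correspond to the host discovery method, Default NSE Scripts, and timing template settings. The mapping to -PS/-PA/-PU, -sC, and -T0 through -T5 is taken from the Nmap manual and is an assumption about equivalence, and the function names are hypothetical.

```python
import re

# Assumption: the guide's host discovery methods correspond to Nmap's own
# ping-probe options (per the Nmap manual, not stated by the guide).
PROBE_FLAG = {"TCP SYN": "-PS", "TCP ACK": "-PA", "UDP": "-PU"}
# Default probe ports as stated in the guide for each method.
DEFAULT_PORT = {"TCP SYN": 80, "TCP ACK": 80, "UDP": 40125}


def parse_port_list(text):
    """Validate a comma-separated port list; return sorted unique ports."""
    ports = set()
    for item in text.split(","):
        item = item.strip()
        if not re.fullmatch(r"\d{1,5}", item):
            raise ValueError(f"not a port number: {item!r}")
        port = int(item)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return sorted(ports)


def nmap_discovery_args(method, port_list="", default_scripts=False, timing=3):
    """Build Nmap arguments mirroring the remediation settings (target omitted)."""
    if method not in PROBE_FLAG:
        raise ValueError(f"unknown host discovery method: {method!r}")
    if timing not in range(6):  # assumption: Nmap templates -T0 .. -T5
        raise ValueError("timing template must be 0-5")
    # An empty port list falls back to the method's default probe port.
    if port_list.strip():
        ports = parse_port_list(port_list)
    else:
        ports = [DEFAULT_PORT[method]]
    args = ["nmap", PROBE_FLAG[method] + ",".join(map(str, ports)), f"-T{timing}"]
    if default_scripts:  # Default NSE Scripts set to On
        args.append("-sC")
    return args


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real deployment.
    print(" ".join(nmap_discovery_args("TCP ACK", "80, 443", True, 4)))
```

Checking the port list this way before saving the remediation catches empty entries and out-of-range ports.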
Configuring Set Attribute Remediations
License: FireSIGHT
You can respond to a correlation event by setting a host attribute value on the host where the triggering event occurred. For text host attributes, you can choose to use the description from the event as the attribute value. For more information on host attributes, see 
To configure setting an attribute value in response to a correlation event, you must first create a set attribute instance, then add a set attribute remediation. You can then configure attribute value updates as responses to violations of rules within the policy.
For more information, see the following sections:
  •
  •
Adding a Set Attribute Value Instance
License: FireSIGHT
You can set up an instance to set attribute values in response to correlation rule violations.
To create a set attribute instance:
Access: Admin/Discovery Admin