Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 43      Configuring Active Scanning
  Setting up Nmap Scans
For more information on creating correlation policies, see .
Step 5  In the correlation policy, add the Nmap remediation you created in step as a response to the rule you created in step .
Step 6  Activate the correlation policy.
Step 7  When you are notified of a new host, check the host profile to see the results of the Nmap scan and address any vulnerabilities that apply to the host.
Setting up Nmap Scans
License: FireSIGHT
To scan using Nmap, you must first configure a scan instance and a scan remediation. If you plan to 
schedule Nmap scans, you must also define a scan target. 
For more information, see the following sections:
  •
  •
  •
Creating an Nmap Scan Instance
License: FireSIGHT
You can set up a separate scan instance for each Nmap module that you want to use to scan your network 
for vulnerabilities. You can set up scan instances for the local Nmap module on your Defense Center and 
for any devices you want to use to run scans remotely. The results of each scan are always stored on the 
Defense Center where you configure the scan, even if you run the scan from a remote device. To prevent 
accidental or malicious scanning of mission-critical hosts, you can create a blacklist for the instance to 
indicate the hosts that should never be scanned with the instance.
Note that you cannot add a scan instance with the same name as any existing scan instance.
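The following is an added example, not part of the Cisco guide or the product: a planning check that applies the field limits given in this procedure (instance name, description, unique name) and separates planned scan targets from hosts that must never be scanned. It assumes entries are written as IP addresses or CIDR blocks and treats any overlap as blocked; the function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress
import re

# Limits from the guide: name is 1-63 alphanumerics, underscore or dash;
# description is 0-255 characters.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")
MAX_DESCRIPTION = 255


def check_instance(name, description, existing_names):
    """Return a list of problems with a proposed scan instance definition."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 1-63 characters: letters, digits, '_' or '-'")
    if name in existing_names:
        problems.append("name duplicates an existing scan instance")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description is longer than 255 characters")
    return problems


def split_targets(targets, never_scan):
    """Split planned targets into (allowed, blocked) against a never-scan list.

    Assumption: entries are IPv4/IPv6 addresses or CIDR blocks. A target is
    blocked when it overlaps a never-scan entry, even partially.
    """
    excluded = [ipaddress.ip_network(e, strict=False) for e in never_scan]
    allowed, blocked = [], []
    for target in targets:
        net = ipaddress.ip_network(target, strict=False)
        hit = any(net.version == ex.version and net.overlaps(ex) for ex in excluded)
        (blocked if hit else allowed).append(target)
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    print(check_instance("dmz scan!", "Weekly DMZ sweep", {"core_scan"}))
    print(split_targets(
        ["192.0.2.0/24", "198.51.100.7", "203.0.113.0/28"],
        ["198.51.100.0/24", "203.0.113.5"],
    ))
```

A range that only partly overlaps a never-scan entry is reported as blocked so that it can be narrowed before it is used as a scan target.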
To create a scan instance:
Access: Admin/Discovery Admin
Step 1  Select Policies > Actions > Scanners. The Scanners page appears.
Step 2  Click Add Nmap Instance. The Instance Detail page appears.
Step 3  In the Instance Name field, enter a name that includes 1 to 63 alphanumeric characters, with no spaces and no special characters other than underscore (_) and dash (-).
Step 4  In the Description field, specify a description with 0 to 255 alphanumeric characters, which can include spaces and special characters.
Step 5  Optionally, in the Black Listed Scan hosts field, specify any hosts or networks that should never be scanned with this scan instance, using the following syntax: