Cisco Cisco FirePOWER Appliance 7030
36-7
FireSIGHT System User Guide
Chapter 36 Using the Network Map
Working with the Vulnerabilities Network Map
•
If you delete a specific application, vendor, or version, the affected application is removed from the
network map and from any host profiles that contain it.
network map and from any host profiles that contain it.
For example, if you expand the
http
category and delete
Apache
, all applications listed as Apache
with any version listed beneath Apache are removed from any host profiles that contain them.
Similarly, if instead of deleting
Similarly, if instead of deleting
Apache
, you delete a specific version (
1.3.17
, for example), only the
version you selected will be deleted from affected host profiles.
•
If you delete a specific IP address, the IP address is removed from the application list and the
application itself is removed from the host profile of the IP address you selected.
application itself is removed from the host profile of the IP address you selected.
For example, if you expand
http
,
Apache
,
1.3.17 (Win32)
, and then delete
172.16.1.50:80/tcp
, the Apache
1.3.17 (Win32) application is deleted from the host profile of IP address 172.16.1.50.
To view the applications network map:
Access:
Admin/Any Security Analyst
Step 1
Select
Analysis > Hosts > Network Map > Applications
.
The applications network map appears.
Step 2
Drill down to the specific application you want to investigate.
For example, if you want to view a specific type of web server like Apache, click
http
, then click
Apache
,
and then click the version of the Apache web server you want to view.
To filter by IP or MAC addresses, type an address in the search field. To clear the search, click the clear
icon (
icon (
).
Step 3
Click a specific IP address under the application you selected.
The host profile of the host running the application appears with the applications section expanded. For
more information about the applications section of the host profile, see
more information about the applications section of the host profile, see
.
Step 4
Optionally, to delete any application category, any application running on all hosts, or any application
running on a specific host, click the delete icon (
running on a specific host, click the delete icon (
) next to the element you want to delete, then confirm
that you want to delete it.
The application is deleted. If the system rediscovers the application, it is re-added to the network map.
Working with the Vulnerabilities Network Map
License:
FireSIGHT
Use the vulnerabilities network map to view the vulnerabilities that the system has detected on your
network, organized by Sourcefire vulnerability ID (SVID), Bugtraq ID, CVE ID, or Snort ID. The
vulnerabilities are arranged by identification number, with affected hosts listed beneath each
vulnerability.
network, organized by Sourcefire vulnerability ID (SVID), Bugtraq ID, CVE ID, or Snort ID. The
vulnerabilities are arranged by identification number, with affected hosts listed beneath each
vulnerability.
From the vulnerabilities network map, you can view the details of specific vulnerabilities; you can also
view the host profile of any host subject to a specific vulnerability. This can help you evaluate the threat
posed by that vulnerability to specific affected hosts.
view the host profile of any host subject to a specific vulnerability. This can help you evaluate the threat
posed by that vulnerability to specific affected hosts.
If you deem that a specific vulnerability is not applicable to the hosts on your network (for example, you
have applied a patch), you can deactivate the vulnerability. Deactivated vulnerabilities still appear on the
network map, but the IP addresses of their previously affected hosts appear in gray italics. The host
have applied a patch), you can deactivate the vulnerability. Deactivated vulnerabilities still appear on the
network map, but the IP addresses of their previously affected hosts appear in gray italics. The host