Cisco FirePOWER Appliance 7010
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Importing Host Input Data
Enabling the Use of Third-Party Data
License: FireSIGHT
You can import network map data from third-party systems on your network. However, to enable features
where intrusion and discovery data are used together, such as FireSIGHT recommendations, adaptive
profiles, or impact assessment, you should map as many elements of that data as possible to the
corresponding definitions. Consider the following requirements for using third-party data:
• If you have a third-party system that has specific data on your network assets, you can import that
data using the host input feature. However, because third parties may name the products differently,
you must map the third-party vendor, product, and versions to the corresponding Cisco product
definition. After you map the products, you must enable vulnerability mappings for impact
assessment in the system policy to allow impact correlation. For versionless or vendorless
application protocols, you need to map vulnerabilities for the application protocols in the system
policy. For more information, see .
• If you import patch information from a third party and you want to mark all vulnerabilities fixed by
that patch as invalid, you must map the third-party fix name to a fix definition in the database. All
vulnerabilities addressed by the fix will then be removed from hosts where you add that fix. For
more information, see .
• If you import operating system and application protocol vulnerabilities from a third party and you
want to use them for impact correlation, you must map the third-party vulnerability identification
string to vulnerabilities in the database. Note that although many clients have associated
vulnerabilities, and clients are used for impact assessment, you cannot import and map third-party
client vulnerabilities. After the vulnerabilities are mapped, you must enable third-party vulnerability
mappings for impact assessment in the system policy. For more information, see . To cause
application protocols without vendor or version information to map to vulnerabilities, an
administrative user must also map vulnerabilities for the applications in the system policy. For
more information, see
• If you import application data and you want to use that data for impact correlation, you must map
the vendor string for each application protocol to the corresponding Cisco application protocol
definition. For more information, see
Managing Third-Party Product Mappings
License: FireSIGHT
When you add data from third parties to the network map through the user input feature, you must map
the vendor, product, and version names used by the third party to the Cisco product definitions. Mapping
the products to Cisco definitions assigns vulnerabilities based on those definitions.
Similarly, if you are importing patch information from a third party, such as a patch management
product, you must map the name for the fix to the appropriate vendor and product and the corresponding
fix in the database.
For more information, see the following sections: