Cisco Cisco FirePOWER Appliance 8130
42-13
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Using Custom Fingerprinting
•
In the
Vendor String
field, type the operating system’s vendor name. For example, the vendor for
Microsoft Windows would be Microsoft.
•
In the
Product String
field, type the operating system’s product name. For example, the product name
for Microsoft Windows 2000 would be Windows.
•
In the
Version String
field, type the operating system’s version number. For example, the version
number for Microsoft Windows 2000 would be 2000.
Step 16
In the OS Vulnerability Mappings section, select the operating system, product, and versions you want
to use for vulnerability mapping. For example, if you want your custom fingerprint to assign the list of
vulnerabilities from Redhat Linux 9 to matching hosts, select
to use for vulnerability mapping. For example, if you want your custom fingerprint to assign the list of
vulnerabilities from Redhat Linux 9 to matching hosts, select
Redhat, Inc.
as the vendor,
Redhat Linux
as
the product, and
9
as the version.
Tip
When creating a fingerprint, you assign a single vulnerability mapping for the fingerprint. After the
fingerprint is created and activated, you can add additional vulnerability mappings for other versions of
the operating system. See
fingerprint is created and activated, you can add additional vulnerability mappings for other versions of
the operating system. See
for more information.
You must specify a Vendor and Product name in this section if you want to use the fingerprint to identify
vulnerabilities for matching hosts or if you do not assign custom operating system display information.
To map vulnerabilities for all versions of an operating system, specify only the vendor and product name.
For example, to add all versions of the Palm OS, you would select
vulnerabilities for matching hosts or if you do not assign custom operating system display information.
To map vulnerabilities for all versions of an operating system, specify only the vendor and product name.
For example, to add all versions of the Palm OS, you would select
PalmSource, Inc.
from the
Vendor
list,
Palm OS
from the
Product
list, and leave all other lists at their default settings.
Note
Not all options in the
Major Version
,
Minor Version
,
Revision Version
,
Build
,
Patch
, and
Extension
drop-down lists may apply to the operating system you choose. In addition, if no definition
appears in a list that matches the operating system you want to fingerprint, you can leave these
values empty. Be aware that if you do not create any OS vulnerability mappings in a fingerprint,
the system cannot use the fingerprint to assign a vulnerabilities list with hosts identified by the
fingerprint.
appears in a list that matches the operating system you want to fingerprint, you can leave these
values empty. Be aware that if you do not create any OS vulnerability mappings in a fingerprint,
the system cannot use the fingerprint to assign a vulnerabilities list with hosts identified by the
fingerprint.
Step 17
Click
Create
.
Step 18
The Custom Fingerprint status page appears. It reloads every ten seconds and should reload with a
“Ready” status.
“Ready” status.
Note
If the target system stops responding during the fingerprinting process, the status shows an
ERROR: No Response
message. If you see this message, submit the fingerprint again. Wait three
to five minutes (the time period may vary depending on the target system), click the edit icon
(
(
) to access the Custom Fingerprint page, and then click
Create
.
Step 19
After the fingerprint is created, activate it and, optionally, add vulnerability mappings. See
for more information.
Managing Fingerprints
License:
FireSIGHT