Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 38 Working with Discovery Events
Working with Vulnerabilities
Vulnerability Impact
Displays the severity assigned to the vulnerability in the Bugtraq database on a scale of 0 to 10, with
10 being the most severe. The vulnerability impact is determined by the writer of the Bugtraq entry
based on his or her best judgment and guided by SANS Critical Vulnerability Analysis (CVA)
criteria.
Remote
Indicates whether the vulnerability is remotely exploitable.
Available Exploits
Indicates whether there are known exploits for the vulnerability.
Description
A brief description of the vulnerability.
Technical Description
A detailed technical description of the vulnerability.
Solution
Information about repairing the vulnerability.
Count
The number of events that match the information that appears in each row. Note that the Count field
appears only after you apply a constraint that creates two or more identical rows.
Deactivating Vulnerabilities
License: FireSIGHT
Deactivate a vulnerability after you patch the hosts on your network or otherwise judge them immune.
Deactivated vulnerabilities are not used for intrusion impact correlation. Note that if the system
discovers a new host that is affected by that vulnerability, the vulnerability is considered valid (and is
not automatically deactivated) for that host.
You can deactivate vulnerabilities within the vulnerabilities workflow only on a workflow page that
shows vulnerabilities for specific hosts on your network, that is:
• on the second page of the default vulnerabilities workflow, Vulnerabilities on the Network, which
shows only the vulnerabilities that apply to the hosts on your network
• on any page in a vulnerabilities workflow, custom or predefined, that you constrained based on IP
address using a search.
Deactivating a vulnerability within a vulnerabilities workflow that is not constrained on IP addresses
deactivates the vulnerability for all detected hosts on your network. To deactivate a vulnerability for a
single host, you have three options:
• Use the network map. For more information, see
• Use the host’s host profile. For more information, see .