Cisco Cisco Firepower Management Center 2000
49-15
FireSIGHT System User Guide
Chapter 49 Scheduling Tasks
Automating Vulnerability Database Updates
Step 9
Optionally, in the
Email Status To:
field, type the email address (or multiple email addresses separated by
commas) where you want status messages sent.
You must have a valid email relay server configured to send status messages. See
for more information about configuring a relay host.
Step 10
Click
Save
.
The task is added. You can check the status of a running task on the Task Status page; see
.
Automating Vulnerability Database Updates
License:
FireSIGHT
Cisco uses vulnerability database (VDB) updates to expand the list of network assets, traffic, and
vulnerabilities that the FireSIGHT System recognizes. You can use the scheduling feature to download
and install the latest VDB update on your Defense Centers, thereby ensuring that you are using the most
up-to-date information to evaluate the hosts on your network.
vulnerabilities that the FireSIGHT System recognizes. You can use the scheduling feature to download
and install the latest VDB update on your Defense Centers, thereby ensuring that you are using the most
up-to-date information to evaluate the hosts on your network.
Note
You cannot schedule updates for appliances that cannot access the Support Site. If your appliance is not
directly connected to the Internet, you should set up a proxy as described in
directly connected to the Internet, you should set up a proxy as described in
to allow it to download updates from the Support Site. For information on manually
updating the FireSIGHT System, see
When automating VDB updates, you must automate two separate steps:
Step 1
Downloading the VDB update.
Step 2
Installing the VDB update.
Always allow enough time between tasks for the process to complete. For example, if you schedule a
task to install an update and the update has not fully downloaded, the installation task will not succeed.
However, if the scheduled installation task repeats daily, it will install the downloaded VDB update when
the task runs the next day.
task to install an update and the update has not fully downloaded, the installation task will not succeed.
However, if the scheduled installation task repeats daily, it will install the downloaded VDB update when
the task runs the next day.
If you want to have more control over this process, you can use the
Once
option to download and install
VDB updates during off-peak hours after you learn that an update has been released.
Note
Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few
packets to pass uninspected.
packets to pass uninspected.
See the following sections for more information:
•
•