для Cisco Cisco FirePOWER Appliance 8130
43-21
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Working with Active Scan Results
Understanding the Scan Results Table
License:
FireSIGHT
When you run an Nmap scan, the Defense Center collects the scan results in a database. The fields in the
scan results table are described in the following table.
scan results table are described in the following table.
Analyzing Scan Results
License:
FireSIGHT
You can view scan results that you create using the local Nmap module as a rendered page in a pop-up
window. You can also download the Nmap results file in raw XML format.
window. You can also download the Nmap results file in raw XML format.
You can also view operating system and server information detected by Nmap in host profiles and in the
network map. If a scan of a host produces server information for servers on filtered or closed ports, or if
a scan collects information that cannot be included in the operating system information or the servers
section, the host profile includes those results in an Nmap Scan Results section. For more information,
see
network map. If a scan of a host produces server information for servers on filtered or closed ports, or if
a scan collects information that cannot be included in the operating system information or the servers
section, the host profile includes those results in an Nmap Scan Results section. For more information,
see
Monitoring Scans
License:
FireSIGHT
To monitor a scan:
Access:
Admin/Discovery Admin
Step 1
Select
Policies > Actions > Scanners.
Table 43-3
Scan Results Fields
Field
Description
Start Time
The date and time that the scan that produced the results started.
End Time
The date and time that the scan that produced the results ended.
Scan Target
The IP address (or host name, if DNS resolution is enabled) of the scan
target for the scan that produced the results.
target for the scan that produced the results.
Scan Type
Either
Nmap
or the name of the third-party scanner to indicate the type
of the scan that produced the results.
Scan Mode
The mode of the scan that produced the results:
•
On
Demand
— results from scans run on demand.
•
Imported
— results from scans on a different system and imported
onto the Defense Center.
•
Scheduled
— results from scans run as a scheduled task.