для Cisco Cisco Firepower Management Center 2000
42-34
FireSIGHT System User Guide
Chapter 42 Enhancing Network Discovery
Importing Host Input Data
Step 3
Click
Add Vulnerability Map
.
The Add Vulnerability Map pop-up window appears.
Step 4
Type the third-party identification for the vulnerability in the
Vulnerability ID
field.
Step 5
Type a description in the
Vulnerability Description
field.
Step 6
Optionally, enter a Signature ID in the
Snort Vulnerability ID Mappings
field.
Step 7
Optionally, enter an Cisco vulnerability ID in the
Cisco
Vulnerability ID Mappings
field.
Step 8
Optionally, enter a Bugtraq identification number in the
Bugtraq Vulnerability ID Mappings
field.
Step 9
Click
Add
.
Managing Custom Product Mappings
License:
FireSIGHT
You can use product mappings to ensure that servers input by a third party are associated with the
appropriate Cisco definitions. After you define and activate the product mapping, all servers or clients
on hosts in your network map that have the mapped vendor strings use the custom product mappings.
For this reason, you may want to map vulnerabilities for all servers in the network map with a particular
vendor string instead of explicitly setting the vendor, product, and version for the server.
appropriate Cisco definitions. After you define and activate the product mapping, all servers or clients
on hosts in your network map that have the mapped vendor strings use the custom product mappings.
For this reason, you may want to map vulnerabilities for all servers in the network map with a particular
vendor string instead of explicitly setting the vendor, product, and version for the server.
For more information, see the following:
•
•
•
Creating Custom Product Mappings
License:
FireSIGHT
If the system cannot map a server in the network map to a vendor and product in the VDB, you can
manually create the mapping for the system to use when identifying servers. When you activate a custom
product mapping, the system maps vulnerabilities for the selected vendor and product to all servers in
the network map where that vendor string occurs.
manually create the mapping for the system to use when identifying servers. When you activate a custom
product mapping, the system maps vulnerabilities for the selected vendor and product to all servers in
the network map where that vendor string occurs.
Note
Custom product mappings apply to all occurrences of an application protocol, regardless of the source
of the application data (such as Nmap, the host input feature, or the FireSIGHT System itself). However,
if third-party vulnerability mappings for data imported using the host input feature conflicts with the
mappings you set through a custom product mapping, the third-party vulnerability mapping overrides
the custom product mapping and uses the third-party vulnerability mapping settings when the input
occurs. For more information, see
of the application data (such as Nmap, the host input feature, or the FireSIGHT System itself). However,
if third-party vulnerability mappings for data imported using the host input feature conflicts with the
mappings you set through a custom product mapping, the third-party vulnerability mapping overrides
the custom product mapping and uses the third-party vulnerability mapping settings when the input
occurs. For more information, see
You create lists of product mappings and then enable or disable use of several mappings at once by
activating or deactivating each list. When you select a vendor to map to, the system updates the list of
products to include only those made by that vendor.
activating or deactivating each list. When you select a vendor to map to, the system updates the list of
products to include only those made by that vendor.