Cisco Cisco Firepower Management Center 4000
43-9
FireSIGHT System User Guide
Chapter 43 Configuring Active Scanning
Setting up Nmap Scans
For more information on creating correlation policies, see
.
Step 5
In the correlation policy, add the Nmap remediation you created in step as a response to the rule you
created in step
created in step
.
Step 6
Activate the correlation policy.
Step 7
When you are notified of a new host, check the host profile to see the results of the Nmap scan and
address any vulnerabilities that apply to the host.
address any vulnerabilities that apply to the host.
Setting up Nmap Scans
License:
FireSIGHT
To scan using Nmap, you must first configure a scan instance and a scan remediation. If you plan to
schedule Nmap scans, you must also define a scan target.
schedule Nmap scans, you must also define a scan target.
For more information, see the following sections:
•
•
•
Creating an Nmap Scan Instance
License:
FireSIGHT
You can set up a separate scan instance for each Nmap module that you want to use to scan your network
for vulnerabilities. You can set up scan instances for the local Nmap module on your Defense Center and
for any devices you want to use to run scans remotely. The results of each scan are always stored on the
Defense Center where you configure the scan, even if you run the scan from a remote device. To prevent
accidental or malicious scanning of mission-critical hosts, you can create a blacklist for the instance to
indicate the hosts that should never be scanned with the instance.
for vulnerabilities. You can set up scan instances for the local Nmap module on your Defense Center and
for any devices you want to use to run scans remotely. The results of each scan are always stored on the
Defense Center where you configure the scan, even if you run the scan from a remote device. To prevent
accidental or malicious scanning of mission-critical hosts, you can create a blacklist for the instance to
indicate the hosts that should never be scanned with the instance.
Note that you cannot add a scan instance with the same name as any existing scan instance.
To create a scan instance:
Access:
Admin/Discovery Admin
Step 1
Select
Policies > Actions > Scanners
.
The Scanners page appears.
Step 2
Click
Add Nmap Instance
.
The Instance Detail page appears.
Step 3
In the
Instance Name
field, enter a name that includes 1 to 63 alphanumeric characters, with no spaces
and no special characters other than underscore (_) and dash (-).
Step 4
In the
Description
field, specify a description with 0 to 255 alphanumeric characters, which can include
spaces and special characters.
Step 5
Optionally, in the
Black Listed Scan hosts
field, specify any hosts or networks that should never be scanned
with this scan instance, using the following syntax: