https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770444#M1038199 <P>Hi all,</P><P>&nbsp;</P><P>I am trying to enable Nmap instance in Firesight 5.4.1 and a bit confused with the following two points:</P><P>&nbsp;</P><P>1. I noticed in&nbsp;<A href="http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Scanning.html#pgfId-3355672" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Scanning.html#pgfId-3355672</A> it states &nbsp;'Step 6 Optionally, to run the scan from a remote device instead of the Defense Center, specify the IP address or name of the device as it appears in the Information page for the device in the Defense Center web interface, in the Remote Device Name field.', does it mean that if I provide the IP of a Firepower module (we have three SFR modules deployed in three branch offices and the Defense Center in HQ) the active scanner will be enabled there and the scan will be launched from the firepower module?</P><P>&nbsp;</P><P>2. Can Firesight 5.4.1 run a credentialed active scan? I don't see where I can provide domain level privileges for Firesight to run such a scan.</P><P>&nbsp;</P><P>Thanks,</P> Tue, 12 Mar 2019 12:47:36 GMT Meng Li 2019-03-12T12:47:36Z https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770444#M1038199 <P>Hi all,</P><P>&nbsp;</P><P>I am trying to enable Nmap instance in Firesight 5.4.1 and a bit confused with the following two points:</P><P>&nbsp;</P><P>1. I noticed in&nbsp;<A href="http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Scanning.html#pgfId-3355672" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Scanning.html#pgfId-3355672</A> it states &nbsp;'Step 6 Optionally, to run the scan from a remote device instead of the Defense Center, specify the IP address or name of the device as it appears in the Information page for the device in the Defense Center web interface, in the Remote Device Name field.', does it mean that if I provide the IP of a Firepower module (we have three SFR modules deployed in three branch offices and the Defense Center in HQ) the active scanner will be enabled there and the scan will be launched from the firepower module?</P><P>&nbsp;</P><P>2. Can Firesight 5.4.1 run a credentialed active scan? I don't see where I can provide domain level privileges for Firesight to run such a scan.</P><P>&nbsp;</P><P>Thanks,</P> Tue, 12 Mar 2019 12:47:36 GMT https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770444#M1038199 Meng Li 2019-03-12T12:47:36Z https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770445#M1038204 <P>Any thoughts on this?</P><P>&nbsp;</P><P>Thanks,</P> Tue, 27 Oct 2015 04:18:33 GMT https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770445#M1038204 Meng Li 2015-10-27T04:18:33Z https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770446#M1038212 <P>The short answer to #1 is yes. &nbsp;When you setup an nmap scan if you enter the remote device IP address the scan will kick off and run from the SFR module. &nbsp;The scan will be performed&nbsp;through the management interface.</P> <P>As for #2 I don't believe nmap has a credentialed scan capability and nmap is what we use for the scanner.</P> <P></P> Fri, 30 Oct 2015 16:43:01 GMT https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770446#M1038212 atatistc 2015-10-30T16:43:01Z https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770447#M1038217 <P>Thanks for the information!&nbsp;</P> <P>I'm running a scan to a remote site via a quite congested WAN link, and it's still running. Is there a way to stop the scan job in the Mgmt GUI?</P> <P>Also in the firesight, is it possible to run more than one scan at the same tmie?</P> Mon, 02 Nov 2015 21:13:43 GMT https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770447#M1038217 Meng Li 2015-11-02T21:13:43Z https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770448#M1038226 <P>I stopped like this</P> <P></P> <P>go on the CLI of the machine running the scan</P> <P>enter expert mode<BR />then, type sudo su -<BR />put the password<BR />type ps -ef | grep nmap</P> <P>Find the process ID</P> <P>then</P> <P>kill -9 PID</P> <P></P> <P>Example</P> <P>root@firepower:~# ps -ef | grep nmap<BR />root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 898&nbsp;&nbsp; 847&nbsp; 3 01:41 ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00:41:48 /usr/local/sf/nmap/bin/nmap</P> <P>root@firepower:~# kill -9 898</P> <P>That's it...</P> Wed, 28 Jun 2017 00:03:27 GMT https://community.cisco.com/t5/network-security/firesight-nmap-active-scan/m-p/2770448#M1038226 wbarboza 2017-06-28T00:03:27Z