https://community.cisco.com/t5/network-security/fmc-host-profile-accuracy/m-p/4092486#M1070494 <P>Hello Everyone,<BR />&nbsp;I hope you are all doing well, despite whats going on with the pandemic.<BR />&nbsp;Anyways, I was trying to improve the Host Profile quality exploring several alternatives. Nmap, API, etc.<BR />&nbsp;At this time I focused on nmimport.pl and was able to achieve the basics; addition, removal, OS, protocols, Third-Party Product Maps, etc.<BR />&nbsp;What I was trying next is Vulnerabilities. To set which ones are Valid and Invalid.<BR />So far I was playing with "SetValidVuln" y "SetInvalidVuln" but neither had any effect that I could see.<BR />My hope was being able to move vulnerabilities from Valid to Invalid as we do manually.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot from 2020-05-26 18-32-12.png" style="width: 572px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/75405iD3D44C5D8431BD76/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot from 2020-05-26 18-32-12.png" alt="Screenshot from 2020-05-26 18-32-12.png" /></span></P><P>&nbsp;Very briefly, according to the documentation, one of the parameters for either command is "vuln_id". And "vuln_id" can be a "Valid Cisco vulnerability IDs", or "mapped third-party vulnerability IDs".<BR />I was kind of able to create a mapping, but I'm more interested in finding the Cisco vulnerability IDs to natively and directly validate/invalidate vulnerabilities. Mapping is fine for small jobs.<BR />Neither SVID, nor CVE ID worked as written in FMC.</P><P>&nbsp;</P><P>&nbsp;Nmap doesn't work for me all that consistently. Sometimes it takes too long, other times the collection is poor, and, most shockingly, brief-but-notable traffic interruption took place while running.<BR />API, I'm no expert so would rather have that as a last resort.</P><P>&nbsp;</P><P>&nbsp;Lastly, is there a tool to parse and format CSV files to make them suitable for the nmimport.pl?</P><P>If anyone has a better approach, and care to share some details, I'd appreciate it.</P><P>&nbsp;</P><P>Thank you!<BR />Regards<BR />Peter</P> Tue, 26 May 2020 22:48:02 GMT ggalteroo 2020-05-26T22:48:02Z https://community.cisco.com/t5/network-security/fmc-host-profile-accuracy/m-p/4092486#M1070494 <P>Hello Everyone,<BR />&nbsp;I hope you are all doing well, despite whats going on with the pandemic.<BR />&nbsp;Anyways, I was trying to improve the Host Profile quality exploring several alternatives. Nmap, API, etc.<BR />&nbsp;At this time I focused on nmimport.pl and was able to achieve the basics; addition, removal, OS, protocols, Third-Party Product Maps, etc.<BR />&nbsp;What I was trying next is Vulnerabilities. To set which ones are Valid and Invalid.<BR />So far I was playing with "SetValidVuln" y "SetInvalidVuln" but neither had any effect that I could see.<BR />My hope was being able to move vulnerabilities from Valid to Invalid as we do manually.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot from 2020-05-26 18-32-12.png" style="width: 572px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/75405iD3D44C5D8431BD76/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot from 2020-05-26 18-32-12.png" alt="Screenshot from 2020-05-26 18-32-12.png" /></span></P><P>&nbsp;Very briefly, according to the documentation, one of the parameters for either command is "vuln_id". And "vuln_id" can be a "Valid Cisco vulnerability IDs", or "mapped third-party vulnerability IDs".<BR />I was kind of able to create a mapping, but I'm more interested in finding the Cisco vulnerability IDs to natively and directly validate/invalidate vulnerabilities. Mapping is fine for small jobs.<BR />Neither SVID, nor CVE ID worked as written in FMC.</P><P>&nbsp;</P><P>&nbsp;Nmap doesn't work for me all that consistently. Sometimes it takes too long, other times the collection is poor, and, most shockingly, brief-but-notable traffic interruption took place while running.<BR />API, I'm no expert so would rather have that as a last resort.</P><P>&nbsp;</P><P>&nbsp;Lastly, is there a tool to parse and format CSV files to make them suitable for the nmimport.pl?</P><P>If anyone has a better approach, and care to share some details, I'd appreciate it.</P><P>&nbsp;</P><P>Thank you!<BR />Regards<BR />Peter</P> Tue, 26 May 2020 22:48:02 GMT https://community.cisco.com/t5/network-security/fmc-host-profile-accuracy/m-p/4092486#M1070494 ggalteroo 2020-05-26T22:48:02Z