05-25-2016 08:19 PM - edited 03-12-2019 06:01 AM
Device:FirePower 7115 running version 6.0.1 (no malware license)
In Host Attributes you can edit the operating system if the discovery gets it wrong. There are versions of OS that are not listed eg. newer versions of Juniper etc. What software update, updates that information?
In the past there was SEU, Rules, GeoDB and VDB. Is there still SEU? What exactly is updated when you update VDB & SEU?
I'm guessing VDB are the signatures for malware but if I don't have malware license what does it do? Can I still use it?
05-25-2016 11:18 PM
Hi
VDB updates are not for malware. They are for vulnerability database and application fingerprints where you can do application based filtering. You need protection+control license for that.
SEU and rules updates still come and they are specifically for IPS and snort rules.
If new OS is not there or no info for any vendor, custom OS fingerprinting can be configured.
Rate if helps.
Yogesh
05-26-2016 06:34 AM
What I am saying is when you try to configure for an OS that didn't fingerprint, there is no option to setup some specific OSes. eg I am doing a manual OS for Juniper that was fingerprinted as MS. If I do a custom then I don't believe I will get vulnerabilities (CVEs) in Host Attributes.
Vendor: Juniper Networks
Product: ScreenOS
Major: 6
Minor: only 0 and 1 no 3
Both are also Revision and Build is out of date
-----------------------------------
Vendor: Cisco
Product IOS Software: only up 12 not 15 etc, etc
So which update, updates those?
----------------------------------
Under Updates in version 6.0.1 there is only Tabs for:
Product Updates
Rule Updates
Geolocation Updates
Where is SEU updated?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide