FireSight DC Updates

ottleydamian · ‎05-25-2016

Device:FirePower 7115 running version 6.0.1 (no malware license)

In Host Attributes you can edit the operating system if the discovery gets it wrong. There are versions of OS that are not listed eg. newer versions of Juniper etc. What software update, updates that information?

In the past there was SEU, Rules, GeoDB and VDB. Is there still SEU? What exactly is updated when you update VDB & SEU?

I'm guessing VDB are the signatures for malware but if I don't have malware license what does it do? Can I still use it?

yogdhanu · ‎05-25-2016

Hi

VDB updates are not for malware. They are for vulnerability database and application fingerprints where you can do application based filtering. You need protection+control license for that.

SEU and rules updates still come and they are specifically for IPS and snort rules.

If new OS is not there or no info for any vendor, custom OS fingerprinting can be configured.

Rate if helps.

Yogesh

ottleydamian · ‎05-26-2016

What I am saying is when you try to configure for an OS that didn't fingerprint, there is no option to setup some specific OSes. eg I am doing a manual OS for Juniper that was fingerprinted as MS. If I do a custom then I don't believe I will get vulnerabilities (CVEs) in Host Attributes.

Vendor: Juniper Networks

Product: ScreenOS

Major: 6

Minor: only 0 and 1 no 3

Both are also Revision and Build is out of date

-----------------------------------

Vendor: Cisco

Product IOS Software: only up 12 not 15 etc, etc

So which update, updates those?

----------------------------------

Under Updates in version 6.0.1 there is only Tabs for:

Product Updates

Rule Updates

Geolocation Updates

Where is SEU updated?