10-19-2015 03:22 PM - edited 03-12-2019 05:47 AM
Hi all,
I am trying to enable Nmap instance in Firesight 5.4.1 and a bit confused with the following two points:
1. I noticed in http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Scanning.html#pgfId-3355672 it states 'Step 6 Optionally, to run the scan from a remote device instead of the Defense Center, specify the IP address or name of the device as it appears in the Information page for the device in the Defense Center web interface, in the Remote Device Name field.', does it mean that if I provide the IP of a Firepower module (we have three SFR modules deployed in three branch offices and the Defense Center in HQ) the active scanner will be enabled there and the scan will be launched from the firepower module?
2. Can Firesight 5.4.1 run a credentialed active scan? I don't see where I can provide domain level privileges for Firesight to run such a scan.
Thanks,
10-26-2015 09:18 PM
Any thoughts on this?
Thanks,
10-30-2015 09:43 AM
The short answer to #1 is yes. When you setup an nmap scan if you enter the remote device IP address the scan will kick off and run from the SFR module. The scan will be performed through the management interface.
As for #2 I don't believe nmap has a credentialed scan capability and nmap is what we use for the scanner.
11-02-2015 01:13 PM
Thanks for the information!
I'm running a scan to a remote site via a quite congested WAN link, and it's still running. Is there a way to stop the scan job in the Mgmt GUI?
Also in the firesight, is it possible to run more than one scan at the same tmie?
06-27-2017 05:03 PM
I stopped like this
go on the CLI of the machine running the scan
enter expert mode
then, type sudo su -
put the password
type ps -ef | grep nmap
Find the process ID
then
kill -9 PID
Example
root@firepower:~# ps -ef | grep nmap
root 898 847 3 01:41 ? 00:41:48 /usr/local/sf/nmap/bin/nmap
root@firepower:~# kill -9 898
That's it...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide