
How to confirm that certain CVE# is included in specific SRU for IPS (1500 FMC and 8250 Sensors)?

Mahmoud Shawky
Level 1

We have many CVE numbers and we need to make sure that our IPS is aware of them and that we are protected against them. Whenever we search by the CVE# from the FMC GUI, it shows nothing, as the CVE# is included explicitly in the details, not the main info.

So, does anyone have an idea how to achieve this?

Accepted Solution

Marvin Rhoads
Hall of Fame

It can be easily done as follows:

Policies > Access control > Intrusion, edit your Intrusion Policy.

Select Rules > Rule Content > Reference. Expand the section and select CVE ID. Enter the ID you are interested in and it will show you the rules that address the CVE in question.

(Screenshot: FMC CVE Search)


Thanks for the reply. However, I have certain CVE numbers which I could not find, even ones with an old date (2019)!

Does this imply that our IPS is not aware of them and accordingly we're not protected against them?!!

Not every CVE in existence requires an IPS rule. It's based on the vulnerability and exposure being network-related and thus something the NGFW/NGIPS can act upon.

If there's a specific CVE or set of CVEs that you believe meet these criteria but are not included, I'd suggest opening a TAC case. They can assign it to the TALOS group for investigation.
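
For a long CVE list, the CVE ID reference lookup described in the accepted solution can also be done in bulk against rule text. The script below is an added example, not code from this thread or from Cisco; it assumes you have the Snort-format rule text (rules carrying `reference:cve,YYYY-NNNN;` options) available as a string, and the sample rules, SIDs and CVE ids in it are constructed placeholders. A leading `#` is read as "commented out in the rule file", which is only the file's default; the intrusion policy decides the actual rule state.

```python
import re

# Snort "reference:cve,YYYY-NNNN;" option, with or without a "CVE-" prefix.
CVE_REF = re.compile(r"reference\s*:\s*cve\s*,\s*(?:CVE-)?(\d{4}-\d{4,})", re.I)
SID = re.compile(r"\bsid\s*:\s*(\d+)")
# A rule line starts with an action keyword, optionally commented out with '#'.
RULE = re.compile(r"^(#\s*)?(alert|drop|block|reject|pass|log|sdrop)\b", re.I)


def normalize(cve):
    """'cve-2019-900001' or '2019-900001' -> 'CVE-2019-900001'."""
    cve = cve.strip().upper()
    return cve if cve.startswith("CVE-") else "CVE-" + cve


def index_rules(rules_text):
    """Map CVE id -> list of (sid, enabled_in_file) for every rule citing it."""
    index = {}
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment, not a rule
        sid = SID.search(line)
        enabled = m.group(1) is None  # leading '#' means commented out
        for ref in CVE_REF.findall(line):
            index.setdefault(normalize(ref), []).append(
                (int(sid.group(1)) if sid else None, enabled))
    return index


def coverage(cves, rules_text):
    """Return {cve: [(sid, enabled), ...]}; an empty list means no rule cites it."""
    index = index_rules(rules_text)
    return {normalize(c): index.get(normalize(c), []) for c in cves}


# Constructed sample rules and placeholder CVE ids (not from a real rule update).
SAMPLE_RULES = r'''
alert tcp any any -> $HOME_NET 3389 (msg:"EXAMPLE rdp test"; content:"|03 00|"; reference:cve,2019-900001; sid:1000001; rev:1;)
# alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE http test"; content:"x"; reference:cve,2019-900002; reference:cve,2019-900001; sid:1000002; rev:2;)
# plain comment mentioning reference:cve,2019-900003 that is not a rule
'''

if __name__ == "__main__":
    wanted = ["CVE-2019-900001", "2019-900002", "cve-2019-900003"]
    for cve, hits in coverage(wanted, SAMPLE_RULES).items():
        print(cve, hits or "no rule references this CVE")
```

An empty result only means no rule cites that CVE; whether that is a gap still depends on the vulnerability being something a network sensor can act on.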
