Hi,
In the "Advanced" tab under the "Network Discover" policy settings, if we set the "keep active identity" results and then we run a NMAP scan on a host, then all the OS-related vulnerabilities disappear and are replaced by the results of the ports opened/filtered from the NMAP scan, losing the previous visibility. How will the SNORT engine enforce the necessary IPS rules if that vulnerability information is not present? What is the benefit then of running a NMAP scan?
Regards