05-20-2016 09:28 AM - edited 03-12-2019 06:01 AM
I am looking for a guide on how to connect Sourcefire to Nessus Security Center to pull in vulnerability data and then change our recommended IPS signatures based on the data imported. I see there were some old connectors in the forums and also a Perl script that seems to not work anymore. Any help on this would be fantastic!
03-27-2017 12:08 PM
I'm going to give Doug the benefit of the doubt here and see if he can steer me in the right direction. It seems completely ludicrous that the only posture tool that FMC has access to is NMAP. Other than using something like Tenable Security Center (or one of it's competitors) the only other way to get relevant and up to date posture information about resources is to update it manually in FMC - and that's not plausible if you have more than a few forward facing servers.
03-27-2017 07:36 AM
Christopher, let me at least end the finger-pointing stuff.
You're correct that this is supposed to work. It has worked for over 10 years. I'm not the definitive technical authority on this feature but I can tell you that similar issues have recently been reported by two other parties that I am aware and with different vulnerability technologies being used. It points to a bug in the code that leverages the 3rd party vuln set. I've asked a friend in support to make sure the issue is escalated to development.
I cannot provide any guidance on time frame. I encourage you to keep the SR case number open with TAC and feel free to reach out to me at dohurd@cisco.com
Doug
03-29-2017 04:25 AM
Hi Doug - sent you an email Monday.
02-18-2019 09:30 PM
Hello Doug,
I need to do this integration with FMC 6.2.3. Do you know if there is more info actually or the RESTFUL API is already working?
Regards,
James
08-02-2016 03:47 PM
This item has been deleted by the supreme commander.
09-15-2020 01:52 AM
Hello Moses
We have a Cisco Firepower Management Center and we integrated it with Tenable to send the vulnerabilities to the FMC. we followed the steps for integration from this link https://github.com/QuiLoxx/ATS-APIs/tree/master/firepower/neipatel_securityCenter-HostInput/v1
It seems that is working because we can see the events from the connector side but we can't see anything from FMC side no events are shown under Analysis > Host > Third-Party Vulnerabilities.
Any Tips?
Thank you in advance,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide