Where to find FirePOWER VDB update details

mohammed.malik
Level 1

Hi all,

I have a 5525-x with FirePOWER module. Around the time VDB update 324 came out we started to see latency issues with office documents. I can see that VDB-324 updated Microsoft WebApp signatures:

Web Application Detectors:

  • Reddit: Social news link site. (updated)

  • Citrix Online: Citrix Online services, including GoToMyPC, GoToMeeting, GoToWebinar, and GoToTraining. (updated)

  • Fuze: A team collaborative call and messaging tool. (updated)

  • Microsoft: Official Microsoft website and its subapps (updated)

From: https://www.cisco.com/c/en/us/td/docs/security/firepower/Application_Detectors/vdb_324/cisco_firepower_application_detector_reference_324/release_notes_for_cisco_vulnerability_database_vdb_update_324.html

When I click on Microsoft it takes me to this information:

Microsoft

Description: Official Microsoft website.

Categories: web services provider, business

Tags: SSL protocol, Office 365

Risk: Medium

Business Relevance: Low

and here the trail goes cold. I'm looking for information on exactly what's changed so I can figure out if this is what's causing the issues we're seeing, but the links just keep taking me around in circles. I'm assuming this information is available somewhere. I've worked with other NGFWs and signature/threat DB updates are normally well explained and the information is readily available, but for FirePOWER I just don't seem to be able to locate it.

As you can see from the above I've had a good look before posting this. If someone knows where to get the detailed info (in locations that I haven't looked yet) then I'd really appreciate your help.

2 Replies

Marvin Rhoads
Hall of Fame

The VDB document you already found is the most detailed published source of information. To drill down deeper, I'd suggest opening a TAC case. They can engage TALOS if necessary to investigate why your particular use case is causing issues for your end users.

For what it's worth, I have several customers with the latest VDB updates applied and none of them have reported issues. They are all using the "Balanced Security and Connectivity" ruleset in their Intrusion Policies.

Hi Marvin,

Thank you very much for picking this up, and for the confirmation that other users are not experiencing the same issue - I was wondering!

Just to confirm, the published information that I've referenced above only mentions that there have been changes in an area, they don't even give an outline of the changes - surely this can't be the sum total of the information available for a VDB update? I've worked with NGFWs from other vendors and the updates I've seen there have been very detailed. I'd base my decision to update / not update based on this information. Would this approach not be possible with FirePOWER?
