Showing results for 
Search instead for 
Did you mean: 

Where to find those vulnerable browsers from Firepower report?

Level 1
Level 1

Hi, My weekly Network Risk Report from Firepower shows me the information below. How do I go about actually finding the 3 hosts running IE10 or 6 hosts running Firefox 35? Where do I click? I spent 20 minutes looking and cannot find this info. 

Screenshot 2020-06-16 at 14.59.44.png

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

Go under Analysis > Connections > Events. Switch to the "Table View of Connection Events".

Then search for only events with a browser name in the client field.

Like this:

FMC Search.PNG

In the results window then go in and tweak the many available fields down to the few you care about. Tell it to sort - first by client and then by version. You may want to tweak the maximum results and time window to suit as well. Here I am selecting only time of first packet, Initiator IP, Client and Client Version:

FMC Report field selection.PNG

Click OK and then Save and Generate the report. It should look something like this (addresses redacted for public display):

Client version report.PNG

You may need to iterate with your search excluding the current versions. Note that discovery of client versions is passive so you don't always get 100% accurate results but it's pretty good.

Thanks, It looks like that is what i am looking for, but I cannot confirm yet because searching for Internet Explorer events for the last week is taking 10 minutes already ;-)

If you're able to upgrade your FMC to 6.6 you will find it is much faster at searches - there's a new database engine under the hood (monetdb).

If you're running a VM they do increase the memory required quite a bit though - 28 GB is the new requirement.

Review Cisco Networking for a $25 gift card