ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

305
Views
5
Helpful
3
Replies
Highlighted
Beginner
Beginner

Where to find those vulnerable browsers from Firepower report?

Hi, My weekly Network Risk Report from Firepower shows me the information below. How do I go about actually finding the 3 hosts running IE10 or 6 hosts running Firefox 35? Where do I click? I spent 20 minutes looking and cannot find this info. 

Screenshot 2020-06-16 at 14.59.44.png

Everyone's tags (1)
3 REPLIES 3
Highlighted
Hall of Fame Guru

Re: Where to find those vulnerable browsers from Firepower report?

Go under Analysis > Connections > Events. Switch to the "Table View of Connection Events".

Then search for only events with a browser name in the client field.

Like this:

FMC Search.PNG

In the results window then go in and tweak the many available fields down to the few you care about. Tell it to sort - first by client and then by version. You may want to tweak the maximum results and time window to suit as well. Here I am selecting only time of first packet, Initiator IP, Client and Client Version:

FMC Report field selection.PNG

Click OK and then Save and Generate the report. It should look something like this (addresses redacted for public display):

Client version report.PNG

You may need to iterate with your search excluding the current versions. Note that discovery of client versions is passive so you don't always get 100% accurate results but it's pretty good.

Highlighted
Beginner
Beginner

Re: Where to find those vulnerable browsers from Firepower report?

Thanks, It looks like that is what i am looking for, but I cannot confirm yet because searching for Internet Explorer events for the last week is taking 10 minutes already ;-)
Highlighted
Hall of Fame Guru

Re: Where to find those vulnerable browsers from Firepower report?

If you're able to upgrade your FMC to 6.6 you will find it is much faster at searches - there's a new database engine under the hood (monetdb).

If you're running a VM they do increase the memory required quite a bit though - 28 GB is the new requirement.