cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
844
Views
5
Helpful
3
Replies

Where to find those vulnerable browsers from Firepower report?

db1
Beginner
Beginner

Hi, My weekly Network Risk Report from Firepower shows me the information below. How do I go about actually finding the 3 hosts running IE10 or 6 hosts running Firefox 35? Where do I click? I spent 20 minutes looking and cannot find this info. 

Screenshot 2020-06-16 at 14.59.44.png

3 Replies 3

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

Go under Analysis > Connections > Events. Switch to the "Table View of Connection Events".

Then search for only events with a browser name in the client field.

Like this:

FMC Search.PNG

In the results window then go in and tweak the many available fields down to the few you care about. Tell it to sort - first by client and then by version. You may want to tweak the maximum results and time window to suit as well. Here I am selecting only time of first packet, Initiator IP, Client and Client Version:

FMC Report field selection.PNG

Click OK and then Save and Generate the report. It should look something like this (addresses redacted for public display):

Client version report.PNG

You may need to iterate with your search excluding the current versions. Note that discovery of client versions is passive so you don't always get 100% accurate results but it's pretty good.

Thanks, It looks like that is what i am looking for, but I cannot confirm yet because searching for Internet Explorer events for the last week is taking 10 minutes already ;-)

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

If you're able to upgrade your FMC to 6.6 you will find it is much faster at searches - there's a new database engine under the hood (monetdb).

If you're running a VM they do increase the memory required quite a bit though - 28 GB is the new requirement.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers