03-31-2021 11:10 AM
Time to bring up this subject again. We've been running a Cisco FMC/FTD suite for a while now and have been trying to do security scans to no avail.
Previously I found out that it was because of the version of Tenable Security Center we were using so I stopped pursuing the older post from the link below. We now have the newer version, but still can't scan the devices.
We've just upgraded our Firepower suite to 6.6 code and hope to be able to provide successful scans. The caveat to all of this is having a separate user/service account to be able to conduct the scans with.
There's a lot of success in other discussions, but that deals with the ASA code for the devices (FTD2110s) and not the Firepower code that we use. From the ASA side there's no problem creating accounts.
For twenty years I've been taught that when you get a new device, network, or other, the first thing you do is change the default username and passwords. If that's best practice, then I don't know why Cisco restricts that ability.
The second issue we have is having SSH open long enough to conduct a scan. As we know, we can override the SSH lockout, but the security practices say to lock it down to 10 minutes.
Is there a service or other account that can be created so that SSH doesn't have to be enabled and disabled?
Any help would be appreciated.