Cisco Firepower Scan Requirements

The following describes scan requirements when using the Cisco Firepower plugin.


The plugin requires SSH credentials for online scanning. It does not require or support any escalation method.


Depending on what part of the Cisco Firepower device you connect to, you must have certain base permissions for the following operations:

  • Chassis — Ability to telnet to the module.
  • Module — Ability to connect to the application.
  • Application — Ability to retrieve the full configuration.

Some audits may have requirements to run additional commands.

Offline Scanning

The plugin supports offline scanning of Firepower Threat Defense configurations. No permissions or credentials are required for offline scanning, but the results produced will not be associated directly with any asset. Instead, the results display the name of the configuration filename in the Hosts field.

To run an offline scan, upload the Cisco Firepower configuration as a .txt file to the scan or policy.

To upload a file for offline scanning:

  1. Log in to an existing Firepower Threat Defense target (for example, via SSH).
  2. Run the following command:

    show running-config all

  3. Copy the output to a .txt file.
  4. (Optional) To analyze multiple configurations, place each file in a .zip file.
  5. In the scan or policy with the Cisco Firepower audit, upload the .txt or .zip file to Firepower config file(s).
  6. Save and launch the scan or policy.