TOC & Recently Viewed

Recently Viewed Topics

Cisco Firepower Scan Requirements

The following describes scan requirements when using the Cisco Firepower plugin.

Credentials

The plugin requires SSH credentials for online scanning. It does not require or support any escalation method.

Permissions

Depending on what part of the Cisco Firepower device you connect to, you must have certain base permissions for the following operations:

  • Chassis — Ability to telnet to the module.
  • Module — Ability to connect to the application.
  • Application — Ability to retrieve the full configuration.

Some audits may have requirements to run additional commands.

Offline Scanning

The plugin supports offline scanning of Firepower Threat Defense configurations. No permissions or credentials are required for offline scanning, but the results produced will not be associated directly with any asset. Instead, the results display the name of the configuration filename in the Hosts field.

To run an offline scan, upload the Cisco Firepower configuration as a .txt file to the scan or policy.

To upload a file for offline scanning:

  1. Log in to an existing Firepower Threat Defense target (for example, via SSH).
  2. Run the following command:

    show running-config all

  3. Copy the output to a .txt file.
  4. (Optional) To analyze multiple configurations, place each file in a .zip file and upload the .zip file.
  5. In the scan or policy with the Cisco Firepower audit, upload the .txt or .zip file to Firepower config file(s).
  6. Save and launch the scan or policy.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.