Network Discovery Vulnerability Impact Assessment Options
You can configure how the system performs impact correlation with intrusion events. Your choices are as follows:
-
Check the Use Network Discovery Vulnerability Mappings check box if you want to use system-based vulnerability information to perform impact correlation.
-
Check the Use Third-Party Vulnerability Mappings check box if you want to use third-party vulnerability references to perform impact correlation. For more information, see the Firepower System Host Input API Guide.
You can check either or both of the check boxes. If the system generates an intrusion event and the host involved in the event has servers or an operating system with vulnerabilities in the selected vulnerability mapping sets, the intrusion event is marked with the Vulnerable (level 1: red) impact icon. For any servers which do not have vendor or version information, note that you need to enable vulnerability mapping in the management center configuration.
If you clear both check boxes, intrusion events will never be marked with the Vulnerable (level 1: red) impact icon.