Creating Custom Product Mappings
If the system cannot map a server to a vendor and product in the VDB, you can manually create the mapping. When you activate a custom product mapping, the system maps vulnerabilities for the specified vendor and product to all servers in the network map where that vendor string occurs.
Note | Custom product mappings apply to all occurrences of an application protocol, regardless of the source of the application data (such as Nmap, the host input feature, or the system itself). However, if third-party vulnerability mappings for data imported using the host input feature conflicts with the mappings you set through a custom product mapping, the third-party vulnerability mapping overrides the custom product mapping and uses the third-party vulnerability mapping settings when the input occurs. |
You create lists of product mappings and then enable or disable use of several mappings at once by activating or deactivating each list. When you specify a vendor to map to, the system updates the list of products to include only those made by that vendor.
After you create a custom product mapping, you must activate the custom product mapping list. After you activate a list of custom product mappings, the system updates all servers with occurrences of the specified vendor strings. For data imported through the host input feature, vulnerabilities update unless you have already explicitly set the product mappings for this server.
If, for example, your company modifies the banner for your
Apache Tomcat web servers to read
Internal Web Server, you can map the vendor string
Internal Web Server to the vendor
Apache and the product
Tomcat, then activate the list containing that
mapping, all hosts where a server labeled
Internal Web Server occurs have the vulnerabilities for
Apache Tomcat in the database.
Tip | You can use this feature to map vulnerabilities to local intrusion rules by mapping the SID for the rule to another vulnerability. |
Procedure
Step 1 | Choose . |
Step 2 | Click Custom Product Mappings |
Step 3 | Click Create Custom Product Mapping List. |
Step 4 | Enter a Custom Product Mapping List Name. |
Step 5 | Click Add Vendor String. |
Step 6 | In the Vendor String field, enter the vendor string that identifies the applications that should map to the chosen vendor and product values. |
Step 7 | Choose the vendor you want to map to from the Vendor drop-down list. |
Step 8 | Choose the product you want to map to from the Product drop-down list. |
Step 9 | Click Add to add the mapped vendor string to the list. |
Step 10 | Optionally, repeat steps 4 to 8 as needed to add additional vendor string mappings to the list. |
Step 11 | Click Save. |
What to do next
-
Activate the custom product mapping list. For more information, see Activating and Deactivating Custom Product Mappings.