Mapping Third-Party Products

If you import data from a third party, you must map the Cisco product to the third-party name to assign vulnerabilities and perform impact correlation using that data. Mapping the product associates Cisco vulnerability information with the third-party product name, which allows the system to perform impact correlation using that data.

If you import data using the host input import feature, you can also use the AddScanResult function to map third-party products to operating system and application vulnerabilities during the import.

For example, if you import data from a third party that lists Apache Tomcat as an application and you know it is version 6 of that product, you could add a third-party map where:

  • Vendor Name is set to Apache.

  • Product Name is set to Tomcat.

  • Apache is chosen from the Vendor drop-down list.

  • Tomcat is chosen from the Product drop-down list.

  • 6 is chosen from the Version drop-down list

This mapping would cause any vulnerabilities for Apache Tomcat 6 to be assigned to hosts with an application listing for Apache Tomcat.

Note that for versionless or vendorless applications, you must map vulnerabilities for the application types in the Secure Firewall Management Center configuration. Although many clients have associated vulnerabilities, and clients are used for impact assessment, you cannot import and map third-party client vulnerabilities.

Tip

If you have already created a third-party mapping on another Secure Firewall Management Center, you can export it and then import it onto this management center. You can then edit the imported mapping to suit your needs.

Procedure

Step 1

Choose Policies > Application Detectors.

Step 2

Click User Third-Party Mappings.

Step 3

You have two choices:

  • Create — To create a new map set, click Create Product Map Set.
  • Edit — To edit an existing map set, click Edit (edit icon) next to the map set you want to modify. If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 4

Enter a Mapping Set Name.

Step 5

Enter a Description.

Step 6

You have two choices:

  • Create — To map a third-party product, click Add Product Map.
  • Edit — To edit an existing third-party product map, Edit (edit icon) next to the map set you want to modify. If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 7

Enter the Vendor String used by the third-party product.

Step 8

Enter the Product String used by the third-party product.

Step 9

Enter the Version String used by the third-party product.

Step 10

In the Product Mappings section, choose the operating system, product, and versions you want to use for vulnerability mapping from the Vendor, Product, Major Version, Minor Version, Revision Version, Build, Patch, and Extension fields.

Example:

If you want a host running a product whose name consists of third-party strings to use the vulnerabilities from Red Hat Linux 9, choose Redhat, Inc. as the vendor, Redhat Linux as the product, and 9 as the version.

Step 11

Click Save.