Mapping Third-Party Vulnerabilities

To add vulnerability information from a third party to the VDB, you must map the third-party identification string for each imported vulnerability to an existing SVID (legacy vulnerability ID), Bugtraq ID, or Snort ID (SID). After you create a mapping for a vulnerability, it applies to every instance of that vulnerability imported to hosts in the network map and allows impact correlation for those vulnerabilities.

You must enable impact correlation for third-party vulnerabilities to allow correlation to occur. For versionless or vendorless applications, you must also map vulnerabilities for the application types in the Secure Firewall Management Center configuration.

Although many clients have associated vulnerabilities, and clients are used for impact assessment, you cannot use third-party client vulnerabilities for impact assessment.

Tip

If you have already created a third-party mapping on another Secure Firewall Management Center, you can export it and then import it onto this management center. You can then edit the imported mapping to suit your needs.

Procedure


Step 1

Choose Policies > Application Detectors.

Step 2

Click User Third-Party Mappings.

Step 3

You have two choices:

  • Create — To create a new vulnerability set, click Create Vulnerability Map Set.
  • Edit — To edit an existing vulnerability set, click Edit next to the vulnerability set. If View appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 4

Click Add Vulnerability Map.

Step 5

Enter the third-party identification for the vulnerability in the Vulnerability ID field.

Step 6

Enter a Vulnerability Description.

Step 7

Optionally:

  • Enter a Snort ID in the Snort Vulnerability ID Mappings field.
  • Enter a legacy vulnerability ID in the SVID Mappings field.
  • Enter a Bugtraq identification number in the Bugtraq Vulnerability ID Mappings field.

Step 8

Click Add.