Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
To import your asset data from the Nmap tool to the Cisco Vulnerability Management platform, you will need to leverage the Nmap XML Connector under the Discovery tools category.
User Prerequisites/Connector Setup:
-
Given that connector is an XML (file-based) connector, there is no need for a Virtual Tunnel.
-
Nmap XML output is supported. This is generated by adding "-oX (filename).xml" to your Nmap command line.
-
You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select NMAP.
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Discovery section, click Nmap.
4. On the Nmap page, enter the following information.
-
Name: Enter a name for the connector, or leave it as “Nmap”.
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. Since this Connector only imports Asset Data (similar to a CMDB connector) you might not need to set an asset inactivity limit because your global limit will apply.
5. Click Save and Verify.
What Nmap Items does Cisco Vulnerability Management Import
nMap Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
last_booted_at |
Last Seen |
|
-- |
external_id |
|
mac |
Mac Address |
|
reverse_dns |
hostname |
|
ipv4 |
ip_address |
|
-- |
netbios |
|
port > number |
Port |
|
[os_vendor + os_family + os_version] |
Operating System |
Stored in the source asset hash for our Parser we combine multiple fields for a single field string for OS. |
State |
Status |
if state == ‘down’ we will reject the payload and not bring in the asset. |
The Cisco Vulnerability Management Connector does not import the following:
-
Custom Fields
-
Tags
Optional Settings
The following settings can be enabled on the backend for Nmap Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Ignore Scanner Last Seen Time
- If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
- Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
Common Reasons for Nmap Connector Run Failures
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run
Additional Assistance:
Contact Cisco Support should you require any additional assistance with the Nmap Connector(s).
Comments
Please sign in to leave a comment.