nMap Connector

Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.

To import your asset data from the Nmap tool to the Cisco Vulnerability Management platform, you will need to leverage the Nmap XML Connector under the Discovery tools category.

 

User Prerequisites/Connector Setup:

  • Because this is an XML (file-based) connector, there is no need for a Virtual Tunnel.

  • Nmap XML output is supported. This is generated by adding "-oX (filename).xml" to your Nmap command line.

  • You must be a Cisco Vulnerability Management administrator.
     

Configuring your Connector in Cisco Vulnerability Management

 

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select NMAP.


1. In the Cisco Vulnerability Management UI, click Connectors.

2. Click Add Connector.

3. In the Discovery section, click Nmap.

4. On the Nmap page, enter the following information.


  • Name: Enter a name for the connector, or leave it as “Nmap”.

  • Asset Inactivity Limit: Enter a time in days for the connector-level asset inactivity limit. Since this Connector only imports Asset Data (similar to a CMDB connector), you might not need to set an asset inactivity limit because your global limit will apply.

5. Click Save and Verify.

What Nmap Items does Cisco Vulnerability Management Import

| nMap Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| last_booted_at | Last Seen | |
| -- | external_id | |
| mac | Mac Address | |
| reverse_dns | hostname | |
| ipv4 | ip_address | |
| -- | netbios | |
| port > number | Port | |
| [os_vendor + os_family + os_version] | Operating System | Stored in the source asset hash. For our parser, we combine multiple fields into a single field string for OS. |
| State | Status | If state == 'down', we will reject the payload and not bring in the asset. |

 

The Cisco Vulnerability Management Connector does not import the following:

  • Custom Fields

  • Tags

 
Optional Settings

The following settings can be enabled on the backend for Nmap Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.

Ignore Scanner Last Seen Time

  • Enable this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner-reported last seen time.

Custom Ordered Locators

  • Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

Common Reasons for Nmap Connector Run Failures

  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run.
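
A pre-upload sanity check for the points above, as an added example (not Cisco's parser or code from this article): it confirms a file is well-formed Nmap XML and previews the per-host fields from the import table, skipping hosts whose state is down. The mapping from Nmap XML elements to the table's field names, the function name preview_assets, and the sample scan are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oX); not from a real scan.
SAMPLE = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <hostnames><hostname name="web01.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="open"/></port>
    </ports>
    <os><osmatch name="Linux 5.X"><osclass vendor="Linux" osfamily="Linux" osgen="5.X"/></osmatch></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>"""

# Assumption: the element-to-field mapping below is inferred from Nmap's XML format.
def preview_assets(xml_text):
    """Return (assets, skipped): previewed hosts and the count of down hosts."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed XML
    if root.tag != "nmaprun":
        raise ValueError("not Nmap XML output: root element is <%s>" % root.tag)
    assets, skipped = [], 0
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") == "down":
            skipped += 1  # the article states that down hosts are rejected
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        ptr = host.find("hostnames/hostname[@type='PTR']")  # reverse DNS name
        osc = host.find("os/osmatch/osclass")
        os_parts = [osc.get(k) for k in ("vendor", "osfamily", "osgen")] if osc is not None else []
        assets.append({
            "ip_address": addrs.get("ipv4"),
            "mac": addrs.get("mac"),
            "hostname": ptr.get("name") if ptr is not None else None,
            "ports": [int(p.get("portid")) for p in host.findall("ports/port")],
            "operating_system": " ".join(x for x in os_parts if x) or None,
        })
    return assets, skipped

if __name__ == "__main__":
    print(preview_assets(SAMPLE))
```

A ParseError or ValueError here means the file would not be in the expected format; a high skipped count means most hosts in the scan were down and will not appear as assets.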

Additional Assistance:

Contact Cisco Support should you require any additional assistance with the Nmap Connector(s).
