nMap Connector

Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.


To import your asset data from the Nmap tool to the Cisco Vulnerability Management platform, you will need to leverage the Nmap XML Connector under the Discovery tools category.

 

User Prerequisites/Connector Setup:

  • Given that connector is an XML (file-based) connector, there is no need for a Virtual Tunnel.

  • Nmap XML output is supported. This is generated by adding "-oX (filename).xml" to your Nmap command line.
     

Configuring your Connector in Cisco Vulnerability Management

 

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select NMAP.

nMap_Select.png

 

Once you select the Nmap Connector, the following screen will appear:

 

nMap_Config.png

 

  • Enter a name for the connector, or leave it as “Nmap” if you wish.

  • Click Save and Verify

  • If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later. Since this Connector only imports Asset Data (Similar to a CMDB connector) you may not need to set an asset inactivity limit, as your global limit will apply.

 

What Nmap Items does Cisco Vulnerability Management Import

nMap Field

Cisco Vulnerability Management Field

Notes

last_booted_at

Last Seen

 

--

external_id

 

mac

Mac Address

 

reverse_dns

hostname

 

ipv4

ip_address

 

--

netbios

 

port > number

Port

 

[os_vendor + os_family + os_version]

Operating System

Stored in the source asset hash for our Parser we combine multiple fields for a single field string for OS.

State

Status

if state == ‘down’ we will reject the payload and not bring in the asset.

 

The Cisco Vulnerability Management Connector does not pull in the following:

  • Custom Fields

  • Tags

 
Optional Settings

The following settings can be enabled on the backend for Nmap Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

 

Common Reasons for Nmap Connector Run Failures

  • Unexpected data returned

    • If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.

  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run

 

Additional Assistance:

Please contact Cisco Support should you require any additional assistance with the Nmap Connector(s).

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.