Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8588
Views
15
Helpful
20
Replies

Tenable Security Center to Sourcefire Firesight vulnerability connector

nathig001
Level 1
Level 1

‎05-20-2016 09:28 AM - edited ‎03-12-2019 06:01 AM

I am looking for a guide on how to connect Sourcefire to Nessus Security Center to pull in vulnerability data and then change our recommended IPS signatures based on the data imported. I see there were some old connectors in the forums and also a Perl script that seems to not work anymore. Any help on this would be fantastic!

3 people had this problem
Labels:
0 Helpful
20 Replies 20

Christopher Bell
Level 4
Level 4
In response to nathig001

‎03-27-2017 12:08 PM

I'm going to give Doug the benefit of the doubt here and see if he can steer me in the right direction.  It seems completely ludicrous that the only posture tool that FMC has access to is NMAP.  Other than using something like Tenable Security Center (or one of it's competitors) the only other way to get relevant and up to date posture information about resources is to update it manually in FMC - and that's not plausible if you have more than a few forward facing servers.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
0 Helpful

dohurd
Cisco Employee
Cisco Employee
In response to Christopher Bell

‎03-27-2017 07:36 AM

Christopher, let me at least end the finger-pointing stuff.

You're correct that this is supposed to work.  It has worked for over 10 years.  I'm not the definitive technical authority on this feature but I can tell you that similar issues have recently been reported by two other parties that I am aware and with different vulnerability technologies being used.  It points to a bug in the code that leverages the 3rd party vuln set.  I've asked a friend in support to make sure the issue is escalated to development. 

I cannot provide any guidance on time frame.  I encourage you to keep the SR case number open with TAC and feel free to reach out to me at dohurd@cisco.com

Doug

Christopher Bell
Level 4
Level 4
In response to dohurd

‎03-29-2017 04:25 AM

Hi Doug - sent you an email Monday. 

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
0 Helpful

jaime.pedraza
Level 1
Level 1
In response to dohurd

‎02-18-2019 09:30 PM

Hello Doug,

 

I need to do this integration with FMC 6.2.3. Do you know if there is more info actually or the RESTFUL API is already working?

 

Regards,

 

James

0 Helpful

nathig001
Level 1
Level 1
In response to Moses Hernandez

‎08-02-2016 03:47 PM

This item has been deleted by the supreme commander.

0 Helpful

Siemmina
Level 1
Level 1
In response to Moses Hernandez

‎09-15-2020 01:52 AM

Hello Moses

 

We have a Cisco Firepower Management Center and we integrated it with Tenable to send the vulnerabilities to the FMC.  we followed the steps for integration from this link  https://github.com/QuiLoxx/ATS-APIs/tree/master/firepower/neipatel_securityCenter-HostInput/v1

It seems that is working because we can see the events from the connector side but we can't see anything from FMC side no events are shown under Analysis > Host > Third-Party Vulnerabilities.

Any Tips?

Thank you in advance,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card