Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

CTR Protected Systems - Updating system OS settings

Hi,

Does anyone know if CTR can be configured in the current release to update protected systems dynamically perhaps by running scheduled agents etc if say a win2k SP1 system has been patched to a win2k sp4 system

If not - As a enhancement request can it be configured to periodically check OS mappings and SP settings and update these dynamically

The same for Unix (Solaris and Linux) when level 2 support is added for those OS's in the next release.

thanks

2 REPLIES
New Member

Re: CTR Protected Systems - Updating system OS settings

Hi,

The current 2.0 release of Cisco Threat Response does not support the ability to dynamically confirm and/or update Static OS Mappings. Typically Static OS Mapping is used for situations where the target system is either modified to return a false OS fingerprint, or is not sufficiently exposed for an accurate OS fingerprint. As such, dynamically confirming changes would not be possible. If systems are accessible for an accurate fingerprint, we recommend that Static OS Mapping is not used, and that CTR is allowed to fully analyze the target system.

Hope this helps.

New Member

Re: CTR Protected Systems - Updating system OS settings

Hi,

Where there are typical scenarios with multiple dmz's and lots of customers with their own web pods, firewalling prevents accurate finger-printing.

The system should be able to update for level 2 (Microsoft Systems) and when Level 2 is available or Unix, it should be able to connect and assess the system fingerprint.

Can you please consider these ER requests

103
Views
0
Helpful
2
Replies
CreatePlease to create content