How do I collect from Cisco Firepower?

[Available since Nanitor 1.6.2 - ca. July 2018].

Nanitor supports benchmarking of Cisco Firepower devices through the Nanitor Collector.

Prerequisites

  1. You need to have a Nanitor Collector up and running. A single collector can collect from multiple network devices, servers and databases.
  2. You need to have the IP address of the Firepower device and the collector needs to have network access to connect to the device via SSH.
  3. You need to have a user with sufficient privileges.

Example of creating a user account for collecting required data:

Firepower at its core is a Linux system with many configuration parameters that cannot be audited from the limited CLI that is offered. Auditing Firepower devices requires config access in order to access the expert mode. This user has full permissions on the system. To create a nanitor user with config permission, run the following from the FTD CLI and enter the password when prompted:
> configure user add nanitor config

Adding the device to Nanitor Collector

Run this command in the current shell session to avoid putting the passwords in .bash_history:

unset HISTFILE 

Now we add the credentials (the passwords are stored locally in an encrypted format).

The credentials are created as follows:

$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl credential_add --title firepower-nanitor --access_method ssh --username nanitor --password mypass 

Now we add the device and start collection from the Firepower device (here with IP address 172.9.3.6):

$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl device_add --title firepower1 --device_type firepower --address 172.9.3.6 --credential_title firepower-nanitor 

This can take a few seconds, as the collector authenticates and completes the first full collection. Once completed, the results will be immediately available in the Nanitor UI. The collector will continue collecting results once every 24 hours.

If the results do not appear in the Nanitor UI, ensure that the benchmarks are selected (Firepower) and in scope for the organization (Administration - Organization Management - Settings - Benchmarks tab). 
