How do I collect from Cisco Firepower?
[Available since Nanitor 1.6.2 - ca. July 2018].
Nanitor supports benchmarking of Cisco Firepower devices through the Nanitor Collector.
- You need to have a Nanitor Collector up and running. A single collector can collect from multiple network devices, servers and databases.
- You need the IP address of the Firepower device, and the collector needs network access to connect to the device via SSH.
- You need to have a user with sufficient privileges.
Example of creating a user account for collecting required data:
> configure user add nanitor config
Adding the device to Nanitor Collector
Run this command to avoid putting the passwords in .bash_history:
Now we add the credentials (the passwords are stored locally in an encrypted format).
The credentials are created as follows:
$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl credential_add --title firepower-nanitor --access_method ssh --username nanitor --password mypass
Now we add the device and start collection from the Firepower device (here with IP address 126.96.36.199):
$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl device_add --title firepower1 --device_type firepower --address 126.96.36.199 --credential_title firepower-nanitor
This can take a few seconds while the collector authenticates and completes the first full collection. Once completed, the results are immediately available in the Nanitor UI. The collector then continues collecting results once every 24 hours.
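One way to keep the password out of .bash_history when running the credential_add step above, as an added example that is not Nanitor's own script: the shell stops saving its history and the password is read from a prompt instead of being typed on the command line. NANITOR_CTL, SUDO, read_secret and add_firepower_credential are hypothetical names introduced here; the flags are the ones shown above.

```shell
# Added example, not Nanitor's script. NANITOR_CTL and SUDO are hypothetical
# overrides so the function can be tried without a collector installed.
NANITOR_CTL="${NANITOR_CTL:-/usr/lib/nanitor-collector/bin/nanitor-collector-ctl}"
SUDO="${SUDO-sudo}"

# With HISTFILE unset, the shell does not write this session's history to
# disk on exit.
unset HISTFILE

# Print a prompt on stderr, read one line from stdin without echo, and write
# it to stdout so the caller can capture it.
read_secret() {
    printf '%s' "$1" >&2
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        stty -echo
    fi
    IFS= read -r secret || true
    if [ -t 0 ]; then
        stty "$saved_tty"
        printf '\n' >&2
    fi
    printf '%s' "$secret"
}

# add_firepower_credential TITLE USERNAME
# Prompts for the password, so it is never typed as part of a command line,
# then calls credential_add with the flags shown on this page.
add_firepower_credential() {
    cred_title=$1
    cred_user=$2
    cred_pass=$(read_secret "SSH password for $cred_user: ")
    if [ -z "$cred_pass" ]; then
        echo "empty password, credential not added" >&2
        return 1
    fi
    # The password is still an argument of the child process.
    $SUDO "$NANITOR_CTL" credential_add --title "$cred_title" \
        --access_method ssh --username "$cred_user" --password "$cred_pass"
    status=$?
    unset cred_pass
    return "$status"
}
```

Source the block into the session and run `add_firepower_credential firepower-nanitor nanitor`. Because the password is still passed as `--password`, it is visible in the process list while the command runs and in sudo's command log, so limit who can read both on the collector host.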