Automating VDB Update Installs

Allow enough time between the task that downloads the VDB update and the task that installs the update.

You must be in the global domain to perform this task.

Caution

Installing a vulnerability database (VDB) update immediately restarts the Snort process on all managed devices. Additionally, the first deploy after installing the VDB might cause a Snort restart depending on the VDB content. In either scenario, the restart interrupts traffic inspection. Whether traffic drops during the interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior for more information.

Caution

When a VDB update includes changes applicable to managed devices, the first manual or scheduled deploy after installing the VDB restarts the Snort process, interrupting traffic inspection. Deploy dialog messages warn you of restarts in pending deploys to Firepower Threat Defense devices. Whether traffic drops or passes without further inspection during this interruption depends on how the targeted device handles traffic. You cannot deploy VDB updates that apply only to the Firepower Management Center, and they do not cause restarts. See Snort Restart Traffic Behavior for more information.

Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Install Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

From the Device drop-down list, select the CDO.

Step 7

Next to Update Items, check the Vulnerability Database check box.

Step 8

If you want to comment on the task, type a comment in the Comment field.

Tip

The comment field appears in the View Tasks section of the page, so you should try to keep it relatively short.

Step 9

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 10

Click Save.