Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Example Host Input API Scripts

Example: Adding a Protocol to the Host

The script next adds the ospf protocol to the 1.2.3.4 host. Note that the protocol type for the protocol is “xport”.

    # Add the transport protocol "ospf" to the newly created host
    if ($retval = SF::SFDataCorrelator::HostInput::AddProtocol(
            $source_type_id, $source_id, "1.2.3.4", [], [],
            "ospf", "xport"))
    {
        warn "AddProtocol Failed with error $retval";
        exit;
    }

Example: Adding a Server to the Host

The script then uses the AddService function to add the OpenSSH server to the 1.2.3.4 host:

    # Add the OpenSSH server to the host
    if ($retval = SF::SFDataCorrelator::HostInput::AddService(
            $source_type_id, $source_id, "1.2.3.4", [],
            {
                port         => 22,
                proto        => 'tcp',
                vendor_str   => 'OpenSSH',
                version_str  => '4.1',
                service_name => 'ssh'
            }))
    {
        warn "AddService Failed with error $retval";
        exit;
    }

Note that the $service hash is used to set the port to 22, the protocol to tcp, the vendor display string to OpenSSH, the version display string to 4.1, and the server name to ssh.

Example: Setting the Host Criticality

Next, the SetAttributeValue function is used to set the host criticality for the 1.2.3.4 host to Medium:

    # Set the Criticality of the host to "Medium"
    if ($retval = SF::SFDataCorrelator::HostInput::SetAttributeValue(
            $source_type_id, $source_id, "1.2.3.4", [],
            "Criticality", "medium"))
    {
        warn "SetAttributeValue Failed with error $retval";
        exit;
    }

Note that the attribute name is set to “Criticality” and the attribute value is set to “medium”.

Example: Adding a Client Application to Multiple Hosts

Finally, the script adds a client application named BMC Remedy to every host with a Medium criticality.

    # Add a Client Application to all hosts with a Criticality Value of "Medium"
    if ($retval = SF::SFDataCorrelator::HostInput::AddClientApp(
            $source_type_id, $source_id, "",
            [ { attribute => "Criticality", value => "medium"} ],