Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
C H A P T E R
3-1
FireSIGHT System Remediation API Guide
3
Communicating with the Remediation Subsystem
Your remediation module must receive information from the Defense Center remediation subsystem to
successfully perform its function. You configure the information that your module receives in an XML
file called
successfully perform its function. You configure the information that your module receives in an XML
file called
module.template
.
Without it, the remediation subsystem cannot interact with your
remediation module.
The
module.template
XML file allows you to specify:
•
a set of module-level declarations such as the name and version of your remediation module, a short
descriptive text, and the name of the binary file for your remediation program
descriptive text, and the name of the binary file for your remediation program
•
the information the module requires from the user when the user configures remediation instances
in the Defense Center user interface
in the Defense Center user interface
•
the specific remediation actions, known as remediation types, that the module can perform and the
correlation event data each remediation type requires
correlation event data each remediation type requires
•
any custom return codes and exit status messages that your remediation program returns to the
Defense Center
Defense Center
Before writing a
module.template
for your remediation module, you should understand the
module.template
schema (
module.template.xsd
). The schema defines the elements (or tags used to
contain data) and attributes (or data used to modify the data contained in an element) you can use to
provide information to the remediation subsystem. The
provide information to the remediation subsystem. The
module.template
schema is located on the DC
at
/etc/sf/remediation/module.template.vsd
.
The top-level element in
module.template
is
module
, in which you specify the name of the remediation
module using the
name
attribute. The
name
attribute is required and accepts a string value between 1 and
64 alphabetic characters.
Caution
You cannot use white space in the module’s
name
attribute value. In addition, you cannot use punctuation
marks except for underscore (_) or dash (-).