Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
SetOS
You can use the SetOS function to specify the vendor, product, version, and mobile device information for the operating system for specified hosts. When you import operating system information, you set the display strings for the vendor, product, version, and mobile device information.
You can also map the third-party vendor, product, and version strings to a Cisco product definition. If you map third-party operating system names to a Cisco definition, the vulnerabilities for that operating system in the Cisco database map to the host where the third-party data was imported. If you have already created a third-party product map set using the Defense Center web interface, you can use the SetCurrent3rdPartyMap function to use the values you specified in that map set for the third-party application strings and corresponding Cisco definitions, as described in .
The operating system identity displayed in a host profile is set by the highest priority source. Possible sources have the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then NetFlow. Note that a new higher priority operating system identity will not override a current operating system identity if it has less detail than the current identity.
Table 2-2 DeleteHost Fields

| Field | Description | Required | Allowed Values |
|---|---|---|---|
| $source_type_id | Indicates the type of the host input source. | Yes | "Application" or "Scanner". Note you should set the $source_type_id variable to contain the appropriate value before invoking the DeleteHost function, and then reference $source_type in your function call. For more information, see |
| $source_id | Indicates the source ID for the source adding the host input. | Yes | "source_id". Note you should set the $source_id variable to contain the source ID before invoking the DeleteHost function, and then reference $source_id in your function call. For more |
| $addr_string | Indicates the string containing the IP address or addresses for the affected hosts. | Yes (unless attribute lists or MAC addresses are provided) | A comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses, enclosed in double quotes. |
| $attrib_list | Indicates the host attribute or attributes specifying the hosts affected by the host input. | Yes (unless IP addresses or MAC addresses are provided) | A list of attribute value hash pairs of the format: {attribute => "Department", value => "Development"}, Note that $attrib_list must be an array or reference an array. |
| $mac_list | Indicates the list of MAC addresses for the affected hosts. | Yes (unless IP addresses or attribute lists are provided) | A list of MAC address strings, with or without separating colons. Note that $mac_list must be an array or reference an array. |
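
One way to check the three host selector arguments from Table 2-2 before they are handed to DeleteHost, so a malformed or empty selector is caught in your own script first. This is an added example, not code from the Cisco guide: the sub name check_selectors is hypothetical, matching is limited to IPv4, and the "first-last" form for address ranges is an assumption.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of the Host Input API): returns a list of
# problems found in the host selectors; an empty list means none were found.
sub check_selectors {
    my ($addr_string, $attrib_list, $mac_list) = @_;
    my @err;
    # $attrib_list and $mac_list must reference arrays when they are given.
    for my $arg ([attrib_list => $attrib_list], [mac_list => $mac_list]) {
        push @err, "\$$arg->[0] must reference an array"
            if defined $arg->[1] && ref($arg->[1]) ne 'ARRAY';
    }
    return @err if @err;
    my @attrs = @{ $attrib_list // [] };
    my @macs  = @{ $mac_list    // [] };

    # Address string: comma-separated addresses, CIDR blocks and ranges.
    my $octet = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;
    my $ipv4  = qr/$octet(?:\.$octet){3}/;
    (my $trimmed = $addr_string // '') =~ s/^\s+|\s+$//g;
    my @addrs = grep { length } split /\s*,\s*/, $trimmed;
    for my $entry (@addrs) {
        next if $entry =~ /\A$ipv4\z/;                         # single address
        next if $entry =~ m!\A$ipv4/(\d{1,2})\z! && $1 <= 32;  # CIDR block
        next if $entry =~ /\A$ipv4-$ipv4\z/;                   # range (assumed form)
        push @err, "bad address entry '$entry'";
    }
    # Attribute list: hashes of the form {attribute => ..., value => ...}.
    for my $pair (@attrs) {
        push @err, "attribute entry needs 'attribute' and 'value' keys"
            unless ref($pair) eq 'HASH'
                && defined $pair->{attribute} && defined $pair->{value};
    }
    # MAC addresses: six hex octets, with or without separating colons.
    for my $mac (@macs) {
        push @err, "bad MAC address '$mac'"
            unless $mac =~ /\A(?:[0-9a-f]{2}(?::[0-9a-f]{2}){5}|[0-9a-f]{12})\z/i;
    }
    push @err, 'no host selector supplied' unless @addrs || @attrs || @macs;
    return @err;
}

# Constructed sample input; the last address and the last MAC are malformed.
my @problems = check_selectors(
    '192.0.2.10, 198.51.100.0/24, 203.0.113.5-203.0.113.9, 10.1.1.300',
    [ { attribute => 'Department', value => 'Development' } ],
    [ '00:1B:44:11:3A:B7', '001b44113ab7', '00-1B-44-11-3A-B7' ],
);
print "REJECT: $_\n" for @problems;
```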