Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-10
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
Use the following key to delete the user OS definition:
•
drop_user_product
If the
drop_user_product
value is set to 1, the
SetOS
function deletes the existing user operating system
definition from the host.
UnsetOS
The
UnsetOS
function removes a user-added OS definition from the specified hosts.
UnsetOS
does not
remove an OS definition from a host if it was detected through FireSIGHT.
Use this syntax:
UnsetOS($source_type_id, $source_id, $addr_string, $attrib_list)
extension
string
Use this key to supply the Cisco extension definition to map to.
fixes
variable
Use this key to supply a list of fix_ids or fix names to be applied
to the operating system. If a fix id or fix name matches a fix in the
Cisco database, the system looks up the ID for the matching fix
and uses it.
to the operating system. If a fix id or fix name matches a fix in the
Cisco database, the system looks up the ID for the matching fix
and uses it.
Table 2-5
Keys for Vulnerability Mapping (continued)
Key
Data Type
Definition
Table 2-6
UnsetOS Fields
Field
Description
Required
Allowed Values
$source_type_id
Indicates the type of the host
input source.
input source.
Yes
“Application”
or
“Scanner”
Note you should set the
$source_type_id
variable to contain the appropriate value
before invoking the
before invoking the
UnsetOS
function, and
then reference
$source_type_id
in your
function call. For more information, see
$source_id
Indicates the source ID for the
source adding the host input.
source adding the host input.
Yes
“source_id”
Note you should set the
$source_id
variable to contain the source ID before
invoking the
invoking the
UnsetOS
function, and then
reference
$source_id
in your function
call. For more information, see
$addr_string
Indicates the string containing
the IP address or addresses for
the affected hosts.
the IP address or addresses for
the affected hosts.
Yes (unless attribute
lists are provided)
lists are provided)
A comma-separated list of IP addresses,
CIDR blocks, and ranges of IP addresses,
enclosed in double quotes.
CIDR blocks, and ranges of IP addresses,
enclosed in double quotes.
$attrib_list
Indicates the host attribute or
attributes specifying the hosts
affected by the host input.
attributes specifying the hosts
affected by the host input.
No
A list of attribute value hash pairs of the
format:
format:
{attribute => “Department”,
value => “Development”},
Note that
$attrib_list
must be an array
or reference an array.