Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-11
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
Server Functions
You can update server information for hosts in the network map using the server functions.
For more information, see the following sections:
•
•
•
•
AddService
You can add a server to an existing host in the network map using the
AddService
function.
The server identity displayed in a host profile is set by the highest priority source. Possible sources have
the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then
NetFlow. Note that a new higher priority operating server identity will not override a current operating
server identity if it has less detail than the current identity.
the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then
NetFlow. Note that a new higher priority operating server identity will not override a current operating
server identity if it has less detail than the current identity.
See
for an example of this function used in a script.
Use this syntax:
AddService($source_type_id, $source_id, $addr_string, $attrib_list, $service)
Table 2-7
AddService Fields
Field
Description
Required
Allowed Values
$source_type_id
Indicates the type of the
host input source.
host input source.
Yes
“Application”
or
“Scanner”
Note you should set the
$source_type_id
variable to contain the appropriate value before
invoking the
invoking the
AddService
function, and then
reference
$source_type
_id in your function call.
For more information, see
$source_id
Indicates the source ID
for the source adding the
host input.
for the source adding the
host input.
Yes
“source_id”
Note you should set the
$source_id
variable to
contain the source ID before invoking the
AddService
function, and then reference
$source_id
in your function call. For more
information, see
.
$addr_string
Indicates the string
containing the IP address
or addresses for the
affected hosts.
containing the IP address
or addresses for the
affected hosts.
Yes (unless attribute
lists are provided)
lists are provided)
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses, enclosed in
double quotes.
blocks, and ranges of IP addresses, enclosed in
double quotes.