Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-33
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
Vulnerability Keys
The
$vulns
field for the
SetValidVulns
and the
SetInvalidVulns
functions and the
$mapping_vuln_list
field for the
AddScanResult
function use a vulnerability definition hash with some
or all of the keys defined in the following tables.
Because you can map vulnerabilities to multiple servers running on a system, the
port
and
proto
information must be provided in order to mark server vulnerabilities.
The following tables provide information on the keys you can use with the
$vulns
and
$mapping_vuln_list
fields.
Table 2-28
Keys for Vulnerability Mapping
Key
Data Type
Used by
Definition
cve_ids
string
$mapping_vuln_list
A comma-separated list of CVE IDs, with each ID enclosed
in single quotes.
in single quotes.
If this field,
vuln_id
, and
bugtraq_ids
are empty, this is a
generic scan result
Use this key to specify the CVE ID for any vulnerabilities
on the hosts.
on the hosts.
bugtraq_ids
uint
$mapping_vuln_list
A comma-separated list of BugTraq IDs, with each ID
enclosed in single quotes.
enclosed in single quotes.
If this field,
vuln_id
, and
cve_ids
are empty, this is a
generic scan result.
Use this key to specify the BugTraq ID for any
vulnerabilities on the hosts.
vulnerabilities on the hosts.
vuln_id
string
$vulns
and
$mapping_vuln_list
A string, enclosed in single quotes.
If this field, bugtraq_ids, and cve_ids are empty, this is a
generic scan result.
generic scan result.
Use this key to indicate the vulnerability ID for the
vulnerability. For third-party vulnerabilities, note that you
must map the third-party vulnerability ID and reference the
vulnerability map set in the
vulnerability. For third-party vulnerabilities, note that you
must map the third-party vulnerability ID and reference the
vulnerability map set in the
vuln_type
field. For more
information, see
Table 2-29
Keys for Server Identity
Key
Data Type
Applies to
Definition
port
uint
$vulns
and
$mapping_vuln_list
With the
proto
key, use this key to specify the server that
may be affected by this vulnerability.
proto
string
$vulns
and
$mapping_vuln_list
With the
port
key, use this key to specify the server that
may be affected by this vulnerability, using either the
strings
strings
tcp
or
udp
or the appropriate protocol IDs
6
(tcp) or
17
(udp).