Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Host Input API Guide
 
Chapter 3: Using the Host Input Import Tool
Writing Host Input Import Files
The following is an example of the first lines of an import file:
# Example CSV style import file for Host Input API
#
# Set the current SOURCE_ID and Product Map to "Custom Utility"
SetSource, Custom Utility
To see these commands in context in an example file, see 
Setting a Third-Party Product Map
If you are planning to import third-party operating system, server, or fix definitions, you must create a 
user third-party product map for the third-party names. You can use this function to set the current 
third-party map for the current session. You create third-party mappings using the Defense Center web 
interface to set up a reusable map between each third-party vendor, product, and version combination 
and the corresponding Cisco product definition. If you set a third-party map and then add or set host 
operating system or server data that includes third-party application names included in the map, the 
system uses the mappings to map the Cisco product definition, and associated vulnerabilities, to each 
host where the input occurs.
For instance, you could create a map set called “Custom Utility”, in which you define the third-party 
strings as follows: 
  • Vendor String - Microsoft
  • Product String - Win2k
You could select the following Cisco product mapping in the map set:
  • Vendor - Microsoft, Corp.
  • Product - Windows 2000
  • Patch - SP3
If you set this product map by calling SetMap, Custom Utility, it maps Microsoft Win2k to the VDB 
entry for the Microsoft Windows 2000 SP3 product. 
To set the third-party product map set:
Step 1  Add a line to your import file using the following syntax:
SetMap, Third-PartyProductMapName
where SetMap is the name of the function and Third-PartyProductMapName is the name of the 
third-party product map set you want to use for the import.
For example, you could put the following line of code following the SetSource command:
SetMap, Custom Utility
You can also use this command to change to a different third-party product map within an import file. 
Required Fields
Each host input function requires either an IPv4 or IPv6 address, address range, or subnet (for specifying 
IP hosts by address) or a MAC address or addresses (for specifying MAC-only hosts). The 
documentation for each function call indicates any additional required fields for that function.
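The following pre-import check is an added example, not part of the Cisco guide or the import tool. It reads an import file, flags any SetMap line that names a map set missing from a list you supply (a misspelled map name would leave third-party strings unmapped to VDB entries), and flags host lines that carry no IP address, subnet, or MAC field. The known_maps list, the AddHost sample lines, the colon-separated MAC format, and the function names lint_import and is_host_key are assumptions made for the example; address ranges are not recognized because this page does not show their syntax.

```python
import csv
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")  # assumed MAC format

def is_host_key(field):
    """True for a single IPv4/IPv6 address, a CIDR subnet, or a MAC (ranges not handled)."""
    if MAC_RE.match(field):
        return True
    try:
        ipaddress.ip_network(field, strict=False)
        return True
    except ValueError:
        return False

def lint_import(text, known_maps):
    """Return (findings, rows); rows pair each host line with the map active for it."""
    findings, rows, active_map = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = [f.strip() for f in next(csv.reader([raw]))]
        func, args = fields[0], fields[1:]
        if func == "SetSource":
            continue  # source name is not validated here
        if func == "SetMap":
            active_map = args[0] if args else None
            if active_map not in known_maps:
                findings.append((lineno, f"SetMap names unknown map set {active_map!r}"))
            continue
        if not any(is_host_key(a) for a in args):
            findings.append((lineno, f"{func} has no IP, subnet or MAC field"))
        rows.append((lineno, func, active_map))
    return findings, rows

# Constructed sample: header lines follow the guide, AddHost lines are made up for the demo.
SAMPLE = """\
# Example CSV style import file for Host Input API
SetSource, Custom Utility
SetMap, Custom Utility
AddHost, 192.0.2.10
SetMap, Custum Utility
AddHost, 2001:db8::5
AddHost, fileserver01
"""

if __name__ == "__main__":
    for item in lint_import(SAMPLE, {"Custom Utility"})[0]:
        print(item)
```

The rows list shows which map set was in effect for each host line, which makes a mid-file SetMap change easy to audit before the import runs.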