Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
Server Functions
You can update server information for hosts in the network map using the server functions.
AddService
You can add a server to an existing host in the network map using the AddService function.
The server identity displayed in a host profile is set by the highest priority source. Possible sources have
the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then
NetFlow. Note that a new higher priority server identity will not override a current operating server
identity if it has less detail than the current identity.
Use this syntax:
AddService, ip_address, port, proto, server, vendor_str, version_str, vendor_id,
product_id, major, minor, revision, build, patch, extension
Or, to set a new product map before you add the server, use this syntax:
SetMap:map_name, AddService, ip_address, port, proto, server, vendor_str,
version_str, vendor_id, product_id, major, minor, revision, build, patch, extension
For more information on setting third-party product maps, see
and
Table 3-4 AddService Fields

| Field | Description | Required | Values |
|---|---|---|---|
| ip_address | Indicates the string containing the IP address or addresses for the affected host or hosts. | Yes | A comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses. |
| port | Use this field in combination with the ip_address and proto fields to specify the server to be added on the hosts where it should be added. | Yes | Integers in the range of 1-65535. |
| proto | Use this field in combination with the ip_address and port fields to specify the server to be added on the hosts where it should be added. | Yes | Either the strings tcp or udp or the appropriate protocol IDs 6 (tcp) or 17 (udp). |
| server | The name or ID of the server in the Cisco database. | No | To identify the server, you must include a value for either service_name or service_id. If neither is provided, the server will be listed as unknown. If a server name is provided, the system looks up the server ID. If no ID exists for the server name, the system creates an ID. |
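
The following Python check is an added example, not part of the Cisco guide: it validates AddService lines against the syntax and the Table 3-4 constraints above before a file is handed to the import tool, so that malformed third-party data does not reach the network map. It assumes all 14 positions after AddService are present (optional ones empty) and that ip_address holds a single address or CIDR block; the names check_addservice and lint and the sample lines are constructed for illustration.

```python
import ipaddress

# Field order after the function name, from the AddService syntax on this page.
FIELDS = ("ip_address port proto server vendor_str version_str vendor_id "
          "product_id major minor revision build patch extension").split()
PROTOS = {"tcp", "udp", "6", "17"}  # allowed proto values per Table 3-4


def check_addservice(line):
    """Validate one import line; return (record, errors, warnings)."""
    parts = [p.strip() for p in line.split(",")]
    record, errors, warnings = {}, [], []
    # Optional "SetMap:map_name" element sets a product map before the add.
    if parts[0].startswith("SetMap:"):
        record["map_name"] = parts.pop(0)[len("SetMap:"):]
    if not parts or parts[0] != "AddService":
        return record, ["not an AddService line"], warnings
    values = parts[1:]
    # Assumption: all 14 positions are present, optional ones left empty.
    if len(values) != len(FIELDS):
        return record, [f"expected {len(FIELDS)} fields, got {len(values)}"], warnings
    record.update(zip(FIELDS, values))
    try:  # Assumption: a single address or CIDR block, not a list or range.
        ipaddress.ip_network(record["ip_address"], strict=False)
    except ValueError:
        errors.append(f"ip_address: invalid value {record['ip_address']!r}")
    port = record["port"]
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        errors.append(f"port: {port!r} is not an integer in 1-65535")
    if record["proto"] not in PROTOS:
        errors.append(f"proto: {record['proto']!r} is not tcp, udp, 6 or 17")
    if not record["server"]:
        warnings.append("server: empty, so the server is listed as unknown")
    return record, errors, warnings


def lint(lines):
    """Map line number -> errors for lines that should be held back."""
    checked = ((n, check_addservice(text)[1]) for n, text in enumerate(lines, 1))
    return {n: errs for n, errs in checked if errs}


# Constructed sample lines (not from the Cisco guide); "," * k pads empty fields.
SAMPLE = [
    "AddService, 192.0.2.10, 443, tcp, https, ExampleVendor, 2.4" + "," * 8,
    "SetMap:ExampleMap, AddService, 192.0.2.0/24, 53, 17" + "," * 11,
    "AddService, 192.0.2.10, 70000, icmp, http" + "," * 10,
    "AddService, 192.0.2.999, 80, tcp, http",
]
```

Calling lint(SAMPLE) reports lines 3 and 4; line 2 passes but carries a warning because its empty server field means the server is listed as unknown.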