Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
3-20
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
Use this syntax:
SetInvalidVulns, ip_address, port, proto, type, vuln_id
SetValidVulns
You can use the
SetValidVulns
function to activate vulnerabilities on a host or set of hosts. Once you
set a vulnerability as Valid for a host, Defense Center assigns a red impact to the event if the SID in the
event is mapped to the valid vulnerability. For the function call to be effective, the vulnerability must
exist on the host and be set to invalid.
event is mapped to the valid vulnerability. For the function call to be effective, the vulnerability must
exist on the host and be set to invalid.
Use this syntax:
SetValidVulns, ip_address, port, proto, type, vuln_id
Table 3-17
SetInvalidVulns Fields
Field
Description
Required
Values
ip_address
Indicates the string containing the
IP address or addresses for the
affected host or hosts.
IP address or addresses for the
affected host or hosts.
Yes (unless MAC
addresses are
provided)
addresses are
provided)
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses.
blocks, and ranges of IP addresses.
port
With the
proto
field, identifies
the server affected by the
vulnerability on the host where
the import occurs.
vulnerability on the host where
the import occurs.
Yes, if the fix
applies to a server
applies to a server
Integers in the range of 1-65535.
proto
With the
port
field, identifies the
server affected by the
vulnerability on the host where
the import occurs.
vulnerability on the host where
the import occurs.
Yes, if the fix
applies to a server
applies to a server
Either the strings
tcp
or
udp
or the appropriate
protocol IDs
6
(tcp) or
17
(udp).
vuln_id
Indicates the vulnerability ID for
the vulnerability.
the vulnerability.
Yes
Valid Cisco vulnerability IDs, or mapped third-party
vulnerability IDs.
vulnerability IDs.
For third-party vulnerabilities, note that you must
map the third-party vulnerability ID and reference the
vulnerability map set in the
map the third-party vulnerability ID and reference the
vulnerability map set in the
vuln_type
field. For
more information, see
Table 3-18
SetValidVulns Fields
Field
Description
Required
Values
ip_address
Indicates the string containing the
IP address or addresses for the
affected host or hosts.
IP address or addresses for the
affected host or hosts.
Yes
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses.
blocks, and ranges of IP addresses.
port
With the
proto
field, identifies
the server affected by the
vulnerability on the host where
the import occurs.
vulnerability on the host where
the import occurs.
Yes, if the fix
applies to a server
applies to a server
Integers in the range of 1-65535.