Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Example Host Input Import File
# Add a third-party vulnerability (from third-party vulnerability map "Other Vulnerabilities Map Set") to the host
#
SetValidVuln, 1.2.3.4,,, Other Vulnerabilities Map Set, Vuln0003
Example: Setting the Host Criticality
The next command in the import file uses the SetAttributeValue command to set the criticality for the 1.2.3.4 host to High.
# Set the criticality of the host to "High"
#
SetAttributeValue, 1.2.3.4,criticality,high
Note that the attribute name is set to criticality and the attribute value is set to “high”.
Example: Add Scan Results
The next set of commands in the import file uses the AddHost command to add a host and then the
AddScanResult command to add data for that host from a third-party scanner.
# Add IP host for scan results to follow
#
AddHost,1.2.3.5
#
# Add the scan result from a Qualys scanner to the network map
#
AddScanResult,1.2.3.5,"Qualys",82003,,,"ICMP Timestamp Request","ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. Its principal purpose is to provide a protocol layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. ping is a well-known program for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.","cve_ids: CVE-1999-0524","bugtraq_ids:"
Example: Running Commands on the Defense Center
The ScanFlush command indicates to the Defense Center that it can run the queued commands above the ScanFlush line.
ScanFlush
Example: Adding a Client Application to the Host
The import file then uses the AddClientApp command to add a client application named BMC Remedy to the 1.2.3.4 host.
# Add a Client App
#
AddClientApp, 1.2.3.4, "BMC Remedy", "Asset Manager", "0.0"
Note that the client application ID is set to BMC Remedy, the client application type is set to Asset Manager, and the version is set to 0.0.
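A pre-import check for files built from the commands in the examples above, as an added Python example that is not part of the Cisco guide. It assumes one command per physical line, that every command other than ScanFlush takes the host IP as its first argument (true of the samples here), and that an AddScanResult needs a later ScanFlush; lint_import_file, KNOWN and SAMPLE are hypothetical names.

```python
import csv
import ipaddress

# Commands that appear in this section's sample file; the full guide defines more.
KNOWN = {"SetValidVuln", "SetAttributeValue", "AddHost",
         "AddScanResult", "ScanFlush", "AddClientApp"}

# Constructed sample: line 2 is a comment that wrapped without "#", line 7 has
# typographic quotes, and no ScanFlush follows the AddScanResult on line 6.
SAMPLE = '''\
# Add a third-party vulnerability (from map "Other
Vulnerabilities Map Set") to the host
SetValidVuln, 1.2.3.4,,, Other Vulnerabilities Map Set, Vuln0003
SetAttributeValue, 1.2.3.4,criticality,high
AddHost,1.2.3.5
AddScanResult,1.2.3.5,"Qualys",82003,,,"ICMP Timestamp Request","text","cve_ids: CVE-1999-0524","bugtraq_ids:"
AddClientApp, 1.2.3.4, \u201cBMC Remedy\u201d, "Asset Manager", "0.0"
'''


def lint_import_file(text):
    """Return (line_number, message) findings for a host input import file."""
    findings, pending_scan = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no command
        if "\u201c" in line or "\u201d" in line:
            findings.append((n, "typographic quotes; use plain double quotes"))
        try:
            # strict=True rejects a quoted field left open at end of line
            fields = next(csv.reader([line], skipinitialspace=True, strict=True))
        except csv.Error as exc:
            findings.append((n, f"unparseable CSV: {exc}"))
            continue
        cmd = fields[0].strip()
        if cmd not in KNOWN:
            findings.append((n, f"unknown command {cmd!r}"))
        elif cmd == "ScanFlush":
            pending_scan.clear()  # queued scan results above this line are covered
        else:
            try:  # assumption: first argument is the host IP, as in the samples
                ipaddress.ip_address(fields[1].strip())
            except (IndexError, ValueError):
                findings.append((n, f"{cmd}: first argument is not an IP address"))
            if cmd == "AddScanResult":
                pending_scan.append(n)
    findings += [(n, "AddScanResult has no later ScanFlush") for n in pending_scan]
    return findings
```

Calling lint_import_file(SAMPLE) reports the wrapped comment on line 2, the typographic quotes on line 7, and the unflushed scan result on line 6.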