Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
2-3
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Running a Host Input API Script
Running a Host Input API Script
When you run your script, take the following requirements into account:
•
•
•
Application Privileges
To connect to the Host Input channel, applications must run with
admin
privileges.
Setting a Third-Party Vulnerability Map
If you want to import data including third-party vulnerabilities and use that data for impact correlation,
you must create a third-party vulnerability map set before importing the data.
you must create a third-party vulnerability map set before importing the data.
You can create a map set in two ways: using the Defense Center web interface or using the
AddScanResult
function. If you import scan results using this function, be sure to edit the source
definition for the input source in your network discovery policy to set the identity source type to Scanner.
The third-party map set allows the system to translate the third-party vulnerability ID to the
corresponding vulnerability in the database. If you do not map a third-party vulnerability before import,
the vulnerability does not map to a vulnerability ID and cannot be used for impact correlation.
The third-party map set allows the system to translate the third-party vulnerability ID to the
corresponding vulnerability in the database. If you do not map a third-party vulnerability before import,
the vulnerability does not map to a vulnerability ID and cannot be used for impact correlation.
For more information on mapping third-party vulnerabilities, see the FireSIGHT System User Guide.
Setting a Third-Party Product Map
When you import operating system or server data to a host, you can map third-party product name details
to a Cisco product definition. You can create a third-party product map through the Defense Center web
interface.
to a Cisco product definition. You can create a third-party product map through the Defense Center web
interface.
The third-party product map set allows the system to translate the third-party vendor, product, and
version to the corresponding Cisco definition. When you set a third-party product map containing a
server definition or an operating system definition, within the same script you can then define only the
display strings for a third-party server or operating system when you add or set it using the API.
version to the corresponding Cisco definition. When you set a third-party product map containing a
server definition or an operating system definition, within the same script you can then define only the
display strings for a third-party server or operating system when you add or set it using the API.
If you map third-party fixes to Cisco fix definitions using a third-party product map, set the product map,
and then add fixes to hosts using the third-party fix name, the system maps the fixes to the appropriate
Cisco fix definitions and deactivates vulnerabilities addressed by the fix.
and then add fixes to hosts using the third-party fix name, the system maps the fixes to the appropriate
Cisco fix definitions and deactivates vulnerabilities addressed by the fix.
To map a third-party product to a Cisco product definition:
Access:
Admin
Step 1
Select
Policies
> Application Detectors
, then click
User Third-Party Mappings
.
The User Third-Party Mappings page appears.
Step 2
You have two choices:
•
To edit an existing map set, click
Edit
next to the map set.