Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT System Host Input API Guide
 
Chapter 2: Using the Host Input API
Host Input API Functions

Service Keys
The $service variable is a server definition hash that supports several keys.

If you do not set either the service_name or the service_id value, the server displays as “unknown” in the web interface.

If you call the SetCurrent3rdPartyMap function before calling the SetOS function, note the third-party product name details and Cisco product definition when creating the third-party mapping. See  for more information.

You need only specify the vendor, product, and version strings for this function. Otherwise, the system assigns the most focused set of vulnerabilities it can using each piece of Cisco product definition detail you provide. For example, if you use this function to set a server definition on a host by setting the vendor_str, product_str, and version_str keys to Apache, Tomcat, and 4.x, respectively, then only set the vendor_id, product_id, and major keys to the identification numbers for Apache, Tomcat, and 4, respectively, that host will have all vulnerabilities for both Apache Tomcat 4.0 and Apache Tomcat 4.1.

Table 2-10 DeleteService Fields

| Field | Description | Required | Allowed Values |
|---|---|---|---|
| $source_type_id | Indicates the type of the host input source. | Yes | “Application” or “Scanner”. Note you should set the $source_type_id variable to contain the appropriate value before invoking the DeleteService function, and then reference $source_type_id in your function call. For more information, see |
| $source_id | Indicates the source ID for the source adding the host input. | Yes | “source_id”. Note you should set the $source_id variable to contain the source ID before invoking the DeleteService function, and then reference $source_id in your function call. For more information, see |
| $addr_string | Indicates the string containing the IP address or addresses for the affected hosts. | Yes (unless attribute lists are provided) | A comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses, enclosed in double quotes. |
| $attrib_list | Indicates the host attribute or attributes specifying the hosts affected by the host input. | Yes (unless IP addresses are provided) | A list of attribute value hash pairs of the format: {attribute => "Department", value => "Development"}, Note that $attrib_list must be an array or reference an array. |
| $port | Indicates the port for the server to be deleted. | Yes | Integers in the range of 1-65535. |
| $proto | Indicates the protocol for the server to be deleted. | Yes | Either the strings tcp or udp or the appropriate protocol IDs 6 (tcp) or 17 (udp). |
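
The following Perl helper is an added example, not code from the Cisco guide: it checks $addr_string, $attrib_list, $port and $proto against the allowed values in Table 2-10 before a script passes them to DeleteService, so a malformed value is caught before it reaches the host map. The helper names, the IPv4-only handling and the "first-last" range syntax are assumptions; $source_type_id and $source_id are not checked.

```perl
use strict;
use warnings;

# Hypothetical helpers (added example). IPv4-only handling is an assumption.
sub is_ipv4 {
    my ($ip) = @_;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/ or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# True for a single address, a CIDR block, or a range. The "first-last"
# range syntax is an assumption; Table 2-10 does not spell it out.
sub is_addr_item {
    my ($item) = @_;
    if (my ($net, $len) = $item =~ m{\A([^/]+)/(\d{1,2})\z}) {
        return (is_ipv4($net) && $len <= 32) ? 1 : 0;
    }
    if (my ($lo, $hi) = $item =~ /\A([^-]+)-([^-]+)\z/) {
        return (is_ipv4($lo) && is_ipv4($hi)) ? 1 : 0;
    }
    return is_ipv4($item);
}

# Returns a list of problems; an empty list means the values fit Table 2-10.
sub check_delete_service_args {
    my ($addr_string, $attrib_list, $port, $proto) = @_;
    my @errors;
    my $has_addr  = defined $addr_string && length $addr_string;
    my $has_attrs = ref $attrib_list eq 'ARRAY' && @$attrib_list;
    push @errors, 'need $addr_string or $attrib_list' unless $has_addr || $has_attrs;
    push @errors, "bad address element '$_'"
        for grep { !is_addr_item($_) } split /\s*,\s*/, $addr_string // '', -1;
    if (defined $attrib_list && ref $attrib_list ne 'ARRAY') {
        push @errors, '$attrib_list must reference an array';
    } elsif ($has_attrs) {
        push @errors, 'each entry needs attribute and value keys'
            for grep { ref $_ ne 'HASH' || !defined $_->{attribute}
                       || !defined $_->{value} } @$attrib_list;
    }
    push @errors, 'port must be an integer in 1-65535'
        unless defined $port && $port =~ /\A\d{1,5}\z/ && $port >= 1 && $port <= 65535;
    push @errors, 'proto must be tcp, udp, 6 or 17'
        unless defined $proto && $proto =~ /\A(?:tcp|udp|6|17)\z/;
    return @errors;
}

# Constructed sample values; the third address element is deliberately invalid.
my @problems = check_delete_service_args('10.4.0.0/16,10.5.1.20-10.5.1.40,10.6.1.300',
    [ { attribute => 'Department', value => 'Development' } ], 8080, 'tcp');
print @problems ? join("\n", @problems) . "\n" : "arguments OK\n";
```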