Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-11
FireSIGHT System Remediation API Guide
Chapter 2 Planning and Packaging Your Remediation Module
Data Available from the Remediation Subsystem
Note that the above example does not include
</instance>
. This is because the
instance.conf
document
for this example instance would go on to include the
remediation
element discussed next in this section.
If you do not require additional remediation configuration in your module, the
instance.conf
returned
for that module does not include remediation elements.
The remediation Element
The
instance
element contains a
remediation
element for each remediation configured for that instance.
Each
remediation
element has, as an attribute, the name of the remediation instance (entered into the
web interface at the time the instance is configured) and the type of the remediation, which was initially
provided by the
provided by the
remediation_type
element in the
module.template
document. For more information
about the
module.template
file, see
In addition,
remediation
elements can contain
config
elements. These function in the same way as
config
elements that are child elements of
instance
, but use data originally specified in the
config_template
element that is a child of
remediation_type
in the
module.template
document. The
following describes these attributes and elements.
For example, suppose the
module.template
document in the example provided in
continues with the following:
<remediation_type name="acl_insert">
<display_name>ACL Insertion</display_name>
<policy_event_data>
<pe_item>src_ip_addr</pe_item>
<pe_item>src_port</pe_item>
<pe_item>src_protocol</pe_item>
<pe_item>dest_ip_addr</pe_item>
<pe_item>dest_port</pe_item>
<pe_item>dest_protocol</pe_item>
</policy_event_data>
<config_template>
<integer>
<name>acl_num</name>
<display_name>ACL Number</display_name>
</integer>
</config_template>
</remediation_type>
The Instance Detail page that allows you to add remediations to a created instance contains the
remediation type “ACL Insertion”. Adding “ACL Insertion” to the instance takes the user to a page that
includes a name field, which populates the name attribute value for that remediation element in the
remediation type “ACL Insertion”. Adding “ACL Insertion” to the instance takes the user to a page that
includes a name field, which populates the name attribute value for that remediation element in the
instance.conf
, and a field labelled ACL Number, which accepts an integer value.
Table 2-11
remediation Attributes and Child Elements
Name
Type
Description
name
attribute
Ties the data in the document to the named, configured remediation and reflects
the name specified by the configuring user.
the name specified by the configuring user.
type
attribute
Provides the type of remediation configured in this instance.
config
element
Contains the data entered into the remediation configuration fields on the web
interface at configuration.
interface at configuration.