Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

<pe_item>dest_protocol</pe_item>

</policy_event_data>

</remediation_type>

<remediation_type name="acl_insert">

<display_name>ACL Insertion</display_name>

<policy_event_data>

<pe_item>src_ip_addr</pe_item>

<pe_item>src_port</pe_item>

<pe_item>src_protocol</pe_item>

<pe_item>dest_ip_addr</pe_item>

<pe_item>dest_port</pe_item>

<pe_item>dest_protocol</pe_item>

</policy_event_data>

<config_template>

<integer>

<name>acl_num</name>

<display_name>ACL Number</display_name>

</integer>

</config_template>

</remediation_type>

The example above contains 3 remediation types: 

block_src

, 

block_dest

, and 

acl_insert

. Each of 

these requires specific correlation event (

pe_item

) data. The 

acl_insert

 remediation type also requires 

configuration data, which is specified in its 

config_template

 child element; users must provide an ACL 

number when they configure instances of that type.

The remediation subsystem expects to receive an exit status, or return code, in the form of an integer 
from your remediation module. 

Cisco provides a set of predefined exit status messages your remediation module can return. You can 
return predefined exit statuses, which correspond to integer values between 1 and 128, inclusive. The 
following lists and describes these predefined exit status codes.

0

Successful completion of remediation.

1

Error in the input provided to the remediation module.

2

Error in the remediation module configuration. 

3

Error logging into the remote device or server.

4

Unable to gain required privileges on remote device or server.

5

Timeout logging into remote device or server.

6

Timeout executing remote commands or servers.

7

The remote device or server was unreachable.

8

The remediation was attempted but failed.

10

A white-list match was found.

11

Failed to execute remediation program

20

Unknown/unexpected error.