Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Remediation API Guide

Chapter 4
Working with the Remediation SDK
Understanding the Remediation SDK
In addition to deploying Cisco-provided remediation modules, you can install and run your own custom 
remediations to automate responses to violations of associated correlation policies. Cisco provides a 
software developer kit (SDK) that you can download from the Support Site to help you get started. 
Purpose of the SDK
Using the SDK and the information in this chapter of the Cisco Remediation API Guide, you can:
  • Practice deploying a simple remediation module to gain familiarity with the process. Installation, configuration, and removal are easy.
  • Inspect the source code of a remediation program to see one way to use the API to interact with the remediation subsystem and perform multiple remediation functions.
Caution: The syslog module in the SDK is not intended for production use.
Please note that you can use the Cisco-provided modules already loaded on the Defense Center as a reference resource while you develop. All of these modules are accessible at /var/sf/remediation_modules on the Defense Center. Each installed module has a .tgz package in this directory. For information on the modules, see .
Description of the SDK
The remediation SDK has a syslog alert remediation module in two versions, Perl and C. To use it, you 
need a syslog server running and receiving remote traffic.
The module provides two remediation types:
  • Simple_Notification - generates syslog alerts with the source IP address, source port (if available), and IP protocol (if available) for the triggering event.
  • Complete_Notification - generates a syslog alert with the same fields as the simple notification, and also includes the destination IP address, destination port, and a severity indicator for the triggering event.
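To make the two notification types concrete, here is an added C example (not code from the SDK or this guide) that builds the syslog line a remediation would emit for one triggering event, dropping the optional source port and protocol when absent and refusing to send a truncated message. The event structure, the sf_remediation tag, the key=value layout and the facility/severity mapping are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed event record: a hypothetical layout, not the SDK's own data
 * structure. Optional fields are -1 when the triggering event lacks them. */
typedef struct {
    const char *src_ip;
    int src_port;   /* -1 = not available */
    int ip_proto;   /* -1 = not available */
    const char *dst_ip;
    int dst_port;
    int severity;   /* assumed 0 (emerg) .. 7 (debug), syslog severity scale */
} event_t;

/* Append formatted text to out; fail on truncation rather than send a cut-off alert. */
#define APPEND(...)                                                          \
    do {                                                                     \
        int n_ = snprintf(out + len, outlen - (size_t)len, __VA_ARGS__);     \
        if (n_ < 0 || (size_t)n_ >= outlen - (size_t)len) return -1;         \
        len += n_;                                                           \
    } while (0)

/* Build a BSD-style syslog line "<PRI>tag: key=value ..." for one event.
 * complete == false: Simple_Notification (source IP, plus source port and IP
 * protocol when available). complete == true: also destination IP/port and
 * severity. PRI = facility*8 + severity with facility 1 (user-level, an
 * assumption); simple notifications log at informational (6).
 * Returns the message length, or -1 on missing data or truncation. */
int format_notification(const event_t *ev, bool complete, char *out, size_t outlen)
{
    const int facility = 1;
    int len = 0;
    int sev = 6;
    if (ev == NULL || ev->src_ip == NULL || out == NULL || outlen == 0)
        return -1;
    if (complete) {
        if (ev->dst_ip == NULL || ev->severity < 0 || ev->severity > 7) return -1;
        sev = ev->severity;
    }
    APPEND("<%d>sf_remediation: src_ip=%s", facility * 8 + sev, ev->src_ip);
    if (ev->src_port >= 0)
        APPEND(" src_port=%d", ev->src_port);
    if (ev->ip_proto >= 0)
        APPEND(" ip_proto=%d", ev->ip_proto);
    if (complete)
        APPEND(" dst_ip=%s dst_port=%d severity=%d", ev->dst_ip, ev->dst_port, ev->severity);
    return len;
}
```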