Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Remediation API Guide
 
Chapter 4: Working with the Remediation SDK
Understanding the Remediation SDK
As with all remediation modules, you enter a small amount of configuration in the web interface to add instances of the module. Each instance targets a particular device on your network (in this case a syslog server) and runs the remediation for the instance. To run the Complete_Notification remediation type, you select a syslog facility level, which the Simple_Notification remediation type does not require.
See Table 4-1 for a list of the Perl version files.
See Table 4-2 for a list of the C version files.
Downloading the SDK
To download the remediation SDK:
Step 2  Select a software version, then under Product Category, select Software. The download link for the remediation SDK is in the api portion of the page.
Step 3  Unpack the .zip file in a convenient folder on your client machine.
Table 4-1  Sample Perl Module

Included Files    Description
syslog.pl         The program that executes the syslog alert when the correlation policy it is associated with is violated.
module.template   Module configuration file. Defines required event data, required information to collect in the web interface when users create instances, and other essential setup parameters.
Makefile          Sample makefile to package the files in a remediation module for installation on the Defense Center.

Table 4-2  Sample C Module

Included Files    Description
syslogc.c         The program that executes the syslog alert when the correlation policy it is associated with is violated.
module.template   Module configuration file. Defines required event data, required information to collect in the web interface when users create instances, and other essential setup parameters.