Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Planning the development of a custom remediation module consists of the tasks listed in the following 
table, which indicates where to find information and guidance on each task area.

Custom remediation modules can receive two kinds of data from the remediation subsystem:

event data, which includes a variety of data about the correlation policy that was violated and about 
the original triggering event that caused the policy violation

instance configuration data, which includes values entered in the web interface when an instance of 
a remediation is configured 

These two types of data incorporate both the data about the network traffic or change that triggered the 
rules in the violated policy, and the configured instance of the remediation that runs in response to that 
policy violation. See “Configuring Correlation Policies and Rules” and “Configuring Responses for 
Correlation Policies” in the FireSIGHT System User Guide for more information about creating, 
configuring and using correlation policies and remediations. 

performing a functional analysis and the 
importance of understanding the remediation 
subsystem concept of operations

reviewing the data available from the 
remediation subsystem

using the return code function of the remediation 
subsystem

coordinating your software development and 
generating the 

module.template

 file

packaging the remediation module and 
installing it