Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Remediation API Guide
Chapter 4 Working with the Remediation SDK
Overview of the Development and Installation Process
The steps below form a checklist of tasks that need to be performed to create, install, and configure a
custom remediation module. Some of the steps involve procedural and descriptive details that are
explained in cross-referenced sections of the Remediation API Guide or the FireSIGHT System User
Guide.
To develop, install, and configure a custom remediation module, you must:
Step 1
Identify the condition you want to mitigate and the actions that appropriately resolve the detected
condition in your environment.
Step 2
Familiarize yourself with data elements that can be obtained from the remediation subsystem. See
for definitions of all available fields that the
Defense Center can provide for your remediation.
You should also understand the return code functionality built into the remediation subsystem. See
for information.
Step 3
Generate a high-level design that identifies all the remediation actions (remediation types) that your
program needs to address.
Step 4
Write your remediation program so that it addresses all the functions necessary for the desired
remediations. Remediation module programs may be written in bash, tcsh, Perl or C. Develop your
program using the technical guidance provided in
.
Step 5
Create the module.template file for your remediation module. For an understanding of the data elements
and syntax of module.template, see the chapter .
You can save time by editing an existing module.template file to start with.
Step 6
Package your remediation module as described in
.
Step 7
Install the module on the Defense Center using the Policy and Response component as described in
. You will load the package on the Defense Center and proceed as if
you were configuring one of the Cisco-provided modules.
Step 8
Ensure that the individual remediation types in your remediation module are assigned as responses to
the correct correlation rules in your defined correlation policies. See the FireSIGHT System User Guide
for procedure details.
Notes for Remediation Program Developers
When you have defined the required scope and functionality of your remediation program and
understood the data elements available for your remediation actions, you can write the remediation
program.
Remediation module programs may be written in bash, tcsh, Perl or C.