Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
1-2
FireSIGHT System Remediation API Guide
Chapter 1 Understanding the Remediation Subsystem
Prerequisites
Prerequisites
Before using the remediation API for custom remediations, you should be familiar with information in
the following categories:
the following categories:
•
•
•
FireSIGHT System
To understand the information in this guide, you should be familiar with the features and nomenclature
of the FireSIGHT System, and the functions of certain components:
of the FireSIGHT System, and the functions of certain components:
•
the Defense Center role in the FireSIGHT System architecture
•
correlation policy management module on the Defense Center
•
remediation management module on the Defense Center
See the FireSIGHT System User Guide for further information.
Programming Requirements and Support
You must be able to code your custom remediation in Perl or shell script, or as a precompiled,
statically-linked C program (with the exception of links to routines in glibc).
statically-linked C program (with the exception of links to routines in glibc).
In addition, you must be able to produce a configuration file in XML for each remediation module. This
file is called
file is called
module.template
. See the system-provided remediation modules for samples of this file.
For module locations on the Defense Center, see
For each instance you add, the Defense Center generates an instance-specific XML configuration file
called
called
instance.conf
. Your code must parse this file each time a remediation instance executes.
The following table lists the packages available on the Defense Center as resources for writing and
executing your remediation program.
executing your remediation program.
Table 1-1
Additional Packages
Additional Packages
Location
GNU bash, version 3.2.33(1)-release
/bin/bash
tcsh 6.17.00
/bin/tcsh
glibc 2.7
/lib/libc-2.7.so
perl v5.10.1
/usr/bin/perl
Net::Telnet
N/A
Net::SSH::Perl
N/A
XML::Smart
N/A