Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
SetValidVulns
You can use the SetValidVulns function to activate vulnerabilities on a host or set of hosts. Once you set a vulnerability as Valid for a host, Defense Center assigns a red impact to the event if the SID in the event is mapped to the valid vulnerability. For the function call to be effective for a Cisco vulnerability, it must exist on the host and be set to invalid. When you use SetValidVulns to activate a third-party vulnerability for a host, it adds the vulnerability to the host.
Use this syntax:
SetValidVulns($source_type_id, $source_id, $addr_string, $attrib_list, $vulns, $vuln_type)
Table 2-27 SetValidVulns Fields

| Field | Description | Required | Allowed Values |
| --- | --- | --- | --- |
| $source_type_id | Indicates the type of the host input source. | Yes | "Application" or "Scanner". Note you should set the $source_type_id variable to contain a value before invoking the SetValidVulns function, and then reference $source_type_id in your function call. For more information, see . |
| $source_id | Indicates the source ID for the source adding the host input. | Yes | "source_id". Note you should set the $source_id variable to contain the source ID before invoking the SetValidVulns function, and then reference $source_id in your function call. For more information, see . |
| $addr_string | Indicates the string containing the IP address or addresses for the affected hosts. | Yes (unless attribute lists are provided) | A comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses, with each address, block, or range enclosed in double quotes. |
| $attrib_list | Indicates the host attribute or attributes specifying the hosts affected by the host input. | Yes (unless IP addresses are provided) | A list of attribute value hash pairs of the format: {attribute => "Department", value => "Development"}, Note that $attrib_list must be an array or reference an array. |
| $vulns | Supplies information about the vulnerability to be activated. | Yes | Uses a hash of vulnerability keys to set vulnerability information. For more information, see . |
| $vuln_type | Indicates the type of the vulnerability. | Yes | Any of the following: rna; name of custom third-party vulnerability map set. For more information on mapping third-party vulnerabilities, see the FireSIGHT System User Guide or see . |
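As an added example (not code from the Cisco guide), the Perl helper below checks a set of arguments against the constraints in Table 2-27 before they are handed to SetValidVulns. The helper name check_setvalidvulns_args, the sample values, and the loose character check on address items are assumptions; the vulnerability keys inside $vulns are defined elsewhere in the guide and are not validated here.

```perl
use strict;
use warnings;

# Hypothetical helper (not part of the Host Input API): checks SetValidVulns
# arguments against Table 2-27 and returns a list of problems (empty = OK).
sub check_setvalidvulns_args {
    my ($source_type_id, $source_id, $addr_string, $attrib_list, $vulns, $vuln_type) = @_;
    my @problems;
    for my $arg ([source_type_id => $source_type_id], [source_id => $source_id],
                 [vuln_type => $vuln_type]) {
        push @problems, "$arg->[0] is required"
            unless defined $arg->[1] && length $arg->[1];
    }
    # Hosts are selected by address string or by attribute list; one is required.
    my $have_addr   = defined $addr_string && length $addr_string;
    my $have_attrib = ref $attrib_list eq 'ARRAY' && @$attrib_list;
    push @problems, 'supply addr_string or attrib_list' unless $have_addr || $have_attrib;

    if ($have_addr) {
        for my $item (split /\s*,\s*/, $addr_string) {
            # Every address, CIDR block or range must sit in double quotes.
            # The inner character class is a loose assumption, not an IP parser.
            push @problems, "address item must be double-quoted: $item"
                unless $item =~ m{^"[0-9A-Fa-f:./-]+"$};
        }
    }
    if (defined $attrib_list && ref $attrib_list ne 'ARRAY') {
        push @problems, 'attrib_list must be an array reference';
    }
    elsif ($have_attrib) {
        for my $pair (@$attrib_list) {
            push @problems, 'each attrib_list entry needs attribute and value keys'
                unless ref $pair eq 'HASH'
                    && defined $pair->{attribute} && defined $pair->{value};
        }
    }
    # The vulnerability keys are defined elsewhere in the guide; only the
    # container type is checked here.
    push @problems, 'vulns must be a hash or array reference'
        unless ref $vulns eq 'HASH' || ref $vulns eq 'ARRAY';
    return @problems;
}

# Constructed sample input: documentation-range addresses and a placeholder
# source ID; the second address item lacks its double quotes on purpose.
my %vulns = ();   # fill with the vulnerability keys described in the guide
my @bad = check_setvalidvulns_args('Application', 'placeholder_source_id',
    '"192.0.2.10",198.51.100.0/24', undef, \%vulns, 'rna');
print "REJECT: $_\n" for @bad;
```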