Cisco Cisco Firepower Management Center 4000 Developer's Guide
2-34
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
Third-Party Mapping Functions
You can use the third-party mapping functions to invoke a set of product mappings on a host. When you
invoke a map set, mappings from third-party application names to Cisco product definitions apply for
hosts affected by any following function calls in your script. When you unset a product map, the settings
on the host revert to
invoke a map set, mappings from third-party application names to Cisco product definitions apply for
hosts affected by any following function calls in your script. When you unset a product map, the settings
on the host revert to
Unidentified
.
For more information, see the following sections:
•
•
SetCurrent3rdPartyMap
You can use this function to set the current third-party map for the current session. You create third-party
mappings using the Defense Center web interface to set up a reusable map between each third-party
vendor, product, and version combination and the corresponding Cisco product definition. If you set a
third-party map and then add or set host operating system or server data that includes third-party
application names included in the map, the system uses the mappings to map the Cisco product
definition, and associated vulnerabilities, to each host where the input occurs.
mappings using the Defense Center web interface to set up a reusable map between each third-party
vendor, product, and version combination and the corresponding Cisco product definition. If you set a
third-party map and then add or set host operating system or server data that includes third-party
application names included in the map, the system uses the mappings to map the Cisco product
definition, and associated vulnerabilities, to each host where the input occurs.
For instance, you could create a map set called
“Custom Utility”
, in which you could define the
third-party strings as follows:
•
Vendor String
-
Microsoft
•
Product String -
Win2k
You could select the following Cisco product mapping in the map set:
•
Vendor -
Microsoft, Corp.
•
Product -
Windows 2000
•
Patch -
SP3
If you set this product map by calling
SetCurrent3rdPartyMap(“Custom Utility”)
, it maps
“Microsoft Win2k”
to the VDB entry for the
“Microsoft Windows 2000 SP3”
product.
If you want to import host data for a host operating system, you can then call the
SetOS
function and
only specify the vendor, product, and version string. The host input API processor automatically converts
the strings specified in the product map into the VDB parameters mapped to those strings. See
the strings specified in the product map into the VDB parameters mapped to those strings. See
for more information on creating 3rd party mapping sets.
Table 2-30
Keys for Rendering
Key
Data Type
Applies to
Definition
name
string
$mapping_vuln_list
Use this key to supply the vulnerability name used by the
third-party application.
third-party application.
desc
string
$mapping_vuln_list
Use this key to supply the vulnerability description used by the
third-party application.
third-party application.