Cisco Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
If you define a custom operating system for a host, the Defense Center web interface indicates the source
for the change in the Source Type field of the event view or the basic host information of the host profile.
Use this syntax:
SetOS, ip_address, vendor_str, product_str, version_str, vendor_id, product_id,
major, minor, revision, build, patch, extension, device_string, mobile, jailbroken
Or, to set a new product map before you set the operating system, use this syntax:
SetMap:map_name, SetOS, ip_address, vendor_str, product_str, version_str, vendor_id,
product_id, major, minor, revision, build, patch, extension, device_string, mobile,
jailbroken
For more information on setting third-party product maps, see
.
UnsetOS
You can use the UnsetOS function to remove a previously set OS definition from specified hosts. It resets
the OS definition to allow the system to track changes to the operating system in the future.
Use this syntax:
UnsetOS, ip_address
Where ip_address is a comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses
representing the host or hosts where you want to reset the operating system identity.
Table 3-3 SetOS Fields

| Field | Description | Required | Allowed Values |
|---|---|---|---|
| ip_address | Indicates the string containing the IP address or addresses for the affected host or hosts. | Yes | A comma-separated list of IP addresses, CIDR blocks, and ranges of IP addresses |
| vendor_str | Supplies the operating system vendor display name used by the third-party application. | No | string |
| product_str | Supplies the operating system product display name used by the third-party application. | No | string |
| version_str | Supplies the operating system version display name used by the third-party application. | No | string |
| vendor_id | Supplies the Cisco vendor definition to map to. | No | uint32 |
| product_id | Supplies the Cisco product definition to map to. | No | uint32 |
| major | Supplies the Cisco major version definition to map to. | No | uint32 |
| minor | Supplies the Cisco minor version definition to map to. | No | uint32 |
| revision | Supplies the Cisco revision string to map to. | No | uint32 |
| build | Supplies the Cisco build definition to map to. | No | string |
| patch | Supplies the Cisco patch definition to map to. | No | string |
| extension | Supplies the Cisco extension definition to map to. | No | string |
| device_string | Supplies the detected mobile device hardware information. | No | string |
| mobile | Indicates whether the operating system is running on a mobile device. | No | uint8 |
| jailbroken | Indicates whether the mobile device operating system is jailbroken. | No | uint8 |