Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador
2-18
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
The client application identity displayed in a host profile is set by the highest priority source. Possible
sources have the following priority order: user, scanner and application (set in the system policy),
FireSIGHT, then NetFlow. Note that a new higher priority client application identity will not override a
current client application identity if it has less detail than the current identity.
sources have the following priority order: user, scanner and application (set in the system policy),
FireSIGHT, then NetFlow. Note that a new higher priority client application identity will not override a
current client application identity if it has less detail than the current identity.
See
for an example of this function
used in a script.
Use this syntax:
AddClientApp($source_type_id, $source_id, $addr_string, $attrib_list, $id, $type,
$version)
Table 2-14
AddClientApp Fields
Field
Description
Required
Allowed Values
$source_type_id
Indicates the type of the
host input source.
host input source.
Yes
“Application”
or
“Scanner”
Note you should set the
$source_type_id
variable to contain the appropriate value before
invoking the
invoking the
AddClientApp
function, and then
reference
$source_type_id
in your function
call. For more information, see
.
$source_id
Indicates the source ID
for the source adding the
host input.
for the source adding the
host input.
Yes
“source_id”
Note you should set the
$source_id
variable to
contain the source ID before invoking the
AddClientApp
function, and then reference
$source_id
in your function call. For more
information, see
.
$addr_string
Indicates the string
containing the IP
address or addresses for
the affected hosts.
containing the IP
address or addresses for
the affected hosts.
Yes (unless attribute lists
are provided)
are provided)
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses, enclosed in
double quotes.
blocks, and ranges of IP addresses, enclosed in
double quotes.
$attrib_list
Indicates the host
attribute or attributes
specifying the hosts
affected by the host
input.
attribute or attributes
specifying the hosts
affected by the host
input.
Yes (unless IP addresses
are provided)
are provided)
A list of attribute value hash pairs of the format:
{attribute => “Department”,
value => “Development”},
Note that
$attrib_list
must be an array or
reference an array.
$id
Indicates the client
application name.
application name.
Yes
A string consisting of alphanumeric characters
or spaces, enclosed in double quotes.
or spaces, enclosed in double quotes.
For existing applications, corresponds to ID
values in the database. The system looks up the
ID to see if it matches an existing client
application ID. If it does not, a new ID is
created.
values in the database. The system looks up the
ID to see if it matches an existing client
application ID. If it does not, a new ID is
created.
$type
This field is deprecated.
No
A null value.
$version
Indicates the application
version.
version.
No
A string consisting of alphanumeric characters
or spaces, enclosed in double quotes.
or spaces, enclosed in double quotes.