Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador
3-7
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
Note that you cannot create a MAC-only host for a MAC address if the system detects traffic that
indicates that MAC address is mapped as a primary MAC address for an IP host already in the network
map.
indicates that MAC address is mapped as a primary MAC address for an IP host already in the network
map.
Use this syntax:
AddHost, ip_address, mac_address
DeleteHost
You can use the
DeleteHost
function to remove a host (or hosts) from the network map. You can remove
an IP host (a host with an IP address and optionally a MAC address) by specifying either the IP address
or the MAC address for the host. To remove a MAC-only host (a host with only a MAC address), indicate
the MAC address as the
or the MAC address for the host. To remove a MAC-only host (a host with only a MAC address), indicate
the MAC address as the
mac_list
value.
Use this syntax:
DeleteHost, ip_address, mac_address
SetOS
You can use the
SetOS
function to specify the vendor, product, version, and mobile device information
for the operating system for specified hosts. When you import operating system information, you set the
display strings for the vendor, product, version, and mobile device information. You can also map the
third-party vendor, product, and version strings to a Cisco product definition. See
display strings for the vendor, product, version, and mobile device information. You can also map the
third-party vendor, product, and version strings to a Cisco product definition. See
for more information.
If you map third-party operating system names to a Cisco definition, the vulnerabilities for that operating
system in the Cisco database correspond to the host where the third-party data was imported. If you have
already created a third-party product map set using the Defense Center web interface, you can use the
system in the Cisco database correspond to the host where the third-party data was imported. If you have
already created a third-party product map set using the Defense Center web interface, you can use the
SetMap
function to use the values you specified in that map set for the third-party application strings and
.
The operating system identity displayed in a host profile is set by the highest priority source. Possible
sources have the following priority order: user, scanner and application (set in the system policy),
FireSIGHT, then NetFlow. Note that a new higher priority operating system identity will not override a
current operating system identity if it has less detail than the current identity.
sources have the following priority order: user, scanner and application (set in the system policy),
FireSIGHT, then NetFlow. Note that a new higher priority operating system identity will not override a
current operating system identity if it has less detail than the current identity.
Table 3-1
AddHost Fields
Field
Description
Required
Values
ip_address
Indicates the IP address for the added
host.
host.
Yes (unless a MAC address is provided) A single IP address
mac_address
Indicates the MAC address for the
added host.
added host.
Yes (unless an IP address is provided)
A single MAC
address
address
Table 3-2
DeleteHost Fields
Field
Description
Required
Values
ip_address
Indicates the string containing
the IP address or addresses for
the affected host or hosts.
the IP address or addresses for
the affected host or hosts.
Yes (unless MAC
addresses are
provided)
addresses are
provided)
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses.
blocks, and ranges of IP addresses.
mac_address
Indicates the list of MAC
addresses for the affected host
or hosts.
addresses for the affected host
or hosts.
Yes (unless IP
addresses are
provided)
addresses are
provided)
A list of MAC address strings, with or without
separating colons.
separating colons.