Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Remediation API Guide
Chapter 4 Working with the Remediation SDK
Notes for Remediation Program Developers
The following table indicates where to find information on topics of interest.
Implementing Remediation Types in a Remediation Program
The remediation daemon on the Defense Center specifies the remediation name as the first argument on the command line when it launches the remediation program. The code snippet below from the SDK Perl program, syslog.pl, shows one way your program can branch to the appropriate remediation function. The program runs either SimpleNotification() or CompleteNotification(), based on the content of $remediation_config, which is set by the first field from the remediation daemon. The sample also shows the use of return codes, which are discussed in .
# Call the appropriate function for the remediation type
my $rval = 0;
if ($remediation_config->{type} eq "Simple_Notification")
{
    $rval = SimpleNotification($instance_config, $remediation_config,
                               \@pe_event_data);
}
elsif ($remediation_config->{type} eq "Complete_Notification")
{
    $rval = CompleteNotification($instance_config, $remediation_config,
                                 \@pe_event_data);
}
else
{
    warn "Invalid remediation type. Check your instance.conf\n";
    exit(CONFIG_ERR);
}
exit($rval);
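The same branch written as an allow-listed dispatch table, with the remediation name validated before it is used as a lookup key. This is an added example, not code from the Cisco SDK. The %remediations hash (a constructed stand-in for the parsed instance.conf), the exit-code values, the name pattern and the lower-case handler names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not SDK code. Config layout and exit-code values are assumptions.
use strict;
use warnings;

# Placeholder exit codes; the real values are defined by the SDK, not by this page.
use constant { OK => 0, CONFIG_ERR => 1, INPUT_ERR => 2 };

# Constructed stand-in for the parsed instance.conf: remediation name -> settings.
my %remediations = (
    notify_short => { type => 'Simple_Notification' },
    notify_full  => { type => 'Complete_Notification' },
);

# Allow-list of remediation types; any other type is a configuration error.
my %handler_for = (
    Simple_Notification   => \&simple_notification,
    Complete_Notification => \&complete_notification,
);

# Replace control characters so event fields cannot forge extra log lines.
sub clean { my ($s) = @_; $s =~ s/[\x00-\x1f\x7f]/ /g; return $s }

sub simple_notification {
    my ($cfg, $event) = @_;
    print "remediation: event from ", clean($event->[0] // 'unknown'), "\n";
    return OK;
}

sub complete_notification {
    my ($cfg, $event) = @_;
    print "remediation: ", join(' | ', map { clean($_) } @$event), "\n";
    return OK;
}

sub run {
    my ($name, @event) = @_;
    # The remediation name arrives as the first command-line argument.
    return INPUT_ERR unless defined $name && $name =~ /\A[\w.-]{1,64}\z/;
    my $cfg     = $remediations{$name}         or return CONFIG_ERR;
    my $handler = $handler_for{ $cfg->{type} } or return CONFIG_ERR;
    return $handler->($cfg, \@event);
}

# Run only when executed as a script, so run() can also be loaded and tested.
exit run(@ARGV) unless caller;
```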
Table 4-3
Programmer Notes
To learn more about...
Look in...
the file structure and workflow environment of the remediation subsystem
implementing multiple remediation types in a remediation program
the remediation subsystem file structure
the interactions of the remediation program and the Defense Center remediation subsystem
the order in which parameters are passed from the Defense Center to the remediation module
how the remediation daemon handles undefined data elements
return codes from the remediation program
runtime modes for the remediation program
alternative encoding of user input