Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT System Remediation API Guide
 
Chapter 1: Understanding the Remediation Subsystem
Understanding Remediation Subsystem Architecture
Remediation Subsystem Components
The following diagram illustrates the main functions of the remediation subsystem and their interactions.
You create remediations in order to respond to rule violations on your network in an automated mode. 
The Defense Center web interface allows you to define and activate your correlation policies and 
associate them with remediations. When a policy violation occurs, the remediation subsystem passes the 
name of the remediation and the event data specified in the module.template configuration file to the 
remediation daemon. 
The remediation daemon launches the remediation and passes the correlation event data and 
instance-specific parameters to your remediation program. It also accepts return codes from the 
remediation program. The Defense Center uses the return codes for status displays.
The remediation program launches a set of instances of the remediation when the associated policy rule 
triggers. Each instance targets a particular network device. You create instances on the Instance Detail 
page of the Defense Center web interface. For each instance you provide the necessary instance-specific 
configuration details such as IP address and password of the target device.
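
The flow described above, from daemon to remediation program to return code, is sketched below as an added example; it is not code from the guide or from Cisco. The argument layout (remediation name, then source IP), the return code values and the `INSTANCES` table are assumptions made for illustration.

```python
import ipaddress
import sys

# Hypothetical return codes (assumption: the guide text above only says that
# return codes are passed back and used for status displays).
RC_OK, RC_BAD_INPUT, RC_UNKNOWN_REMEDIATION, RC_PROTECTED = 0, 1, 2, 3

# Constructed instance configuration. On a real system these details come
# from the instance you define on the Instance Detail page.
INSTANCES = {
    "block_at_edge": {"device_ip": "192.0.2.1",
                      "never_block": ["10.0.0.0/8", "192.0.2.0/24"]},
}

def plan_remediation(argv, instances=INSTANCES):
    """Validate daemon-supplied arguments; return (return_code, action)."""
    if len(argv) != 2:
        return RC_BAD_INPUT, None
    name, src_ip = argv
    inst = instances.get(name)
    if inst is None:
        return RC_UNKNOWN_REMEDIATION, None
    try:
        # Event data is derived from network traffic, so parse it strictly
        # instead of interpolating the raw string into a device command.
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return RC_BAD_INPUT, None
    # Refuse to block addresses the operator marked as protected.
    for net in inst["never_block"]:
        if addr in ipaddress.ip_network(net):
            return RC_PROTECTED, None
    return RC_OK, {"device": inst["device_ip"], "block": str(addr)}

def main(argv):
    rc, action = plan_remediation(argv)
    if rc == RC_OK:
        # A real program would now push the block to the target device.
        print(f"would block {action['block']} on {action['device']}")
    return rc

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Because the program acts automatically on event data, rejecting malformed or protected addresses before touching the device keeps a crafted event from turning the remediation against your own infrastructure.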