Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Remediation API Guide
Chapter 2 Planning and Packaging Your Remediation Module
Data Available from the Remediation Subsystem
The following table describes the data available about the source host’s server, or the only server identified in the event that caused the correlation event. Note that only the transport protocol is guaranteed to be populated.

The following table describes the data available about the destination host. This data is only available for intrusion events.

The following table describes the data available about the destination host’s server, or the only server identified in the event that caused the correlation event. Note that only the transport protocol is guaranteed to be populated.

Table 2-6 Source Server Data

| Name | Description | Field | Type | Bytes |
|---|---|---|---|---|
| Port | Port on which the identified server is running. For intrusion events, port is populated only if the protocol is TCP or UDP. | src_port | uint16_t | 2 |
| Server | Server (for example, HTTP, SMTP) identified in the event that caused the policy violation. | src_service | char | max 255 |

Table 2-7 Destination Host Data

| Name | Description | Field | Type | Bytes |
|---|---|---|---|---|
| IP Address | The IP address of the destination host in the event that triggered the policy violation. | dest_ip_addr | uint32_t | 4 |
| Host Type ID | The destination host’s recognized type (for example, router, bridge). | dest_host_type | uint8_t | 1 |
| VLAN ID | The destination host’s VLAN ID. | dest_vlan_id | uint16_t | 2 |
| OS Vendor | The vendor of the host’s identified operating system; discovery events only. | dest_os_vendor | char* | max 255 |
| OS Product | The host’s identified operating system; discovery events only. | dest_os_product | char* | max 255 |
| OS Version | The version number of the host’s identified operating system; discovery events only. | dest_os_version | char* | max 255 |
| Host Criticality | A user-defined value in; discovery host and connection events. | dest_criticality | uint16_t | 2 |

Table 2-8 Destination Server Data

| Name | Description | Field | Type | Bytes |
|---|---|---|---|---|
| Destination Port | Port on which the identified server is running. In the case of intrusion events, the port is populated only if the protocol is identified as TCP or UDP. | dest_port | uint16_t | 2 |
| Destination Server | Server (for example, HTTP, SMTP) identified in the event that caused the policy violation. | dest_service | char | max 255 |
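
Because only the transport protocol is guaranteed to be populated, a remediation module should check each destination field from Tables 2-7 and 2-8 against its declared type and size before acting on it. The Python below is an added example, not code from the Cisco guide. The dictionary input, the name `normalize_dest`, the treatment of None, 0 or an empty string as unpopulated, and network byte order for dest_ip_addr are assumptions.

```python
import ipaddress

MAX_STR = 255  # "max 255" bytes for the char fields in Tables 2-6 to 2-8

# Constructed sample: an event where the port was not populated.
SAMPLE_EVENT = {"dest_ip_addr": 0xC0000205, "dest_port": 0, "dest_service": "HTTP"}


def normalize_dest(fields):
    """Validate destination data; unpopulated fields come back as None.

    `fields` is a hypothetical dict keyed by the Field names in Tables 2-7
    and 2-8. Assumption: an unpopulated field arrives as None, 0 or "".
    """
    out = {"dest_ip_addr": None, "dest_port": None, "dest_service": None}

    ip = fields.get("dest_ip_addr")
    if ip:
        if not isinstance(ip, int) or not 0 < ip <= 0xFFFFFFFF:
            raise ValueError("dest_ip_addr does not fit uint32_t")
        # Assumption: the integer is in network (big-endian) byte order.
        out["dest_ip_addr"] = str(ipaddress.IPv4Address(ip))

    port = fields.get("dest_port")
    if port:
        if not isinstance(port, int) or not 0 < port <= 0xFFFF:
            raise ValueError("dest_port does not fit uint16_t")
        out["dest_port"] = port

    svc = fields.get("dest_service")
    if svc:
        if not isinstance(svc, str) or len(svc.encode("utf-8")) > MAX_STR:
            raise ValueError("dest_service exceeds 255 bytes")
        # Reject control characters before the value reaches a log or command.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in svc):
            raise ValueError("dest_service contains control characters")
        out["dest_service"] = svc

    return out


if __name__ == "__main__":
    print(normalize_dest(SAMPLE_EVENT))
```

A caller should skip any action that needs a field returned as None instead of substituting a default.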