Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Remediation API Guide
Chapter 1 Understanding the Remediation Subsystem
Understanding Remediation Subsystem Architecture
Remediation Subsystem Components
The following diagram illustrates the main functions of the remediation subsystem and their interactions.
You create remediations to respond automatically to rule violations on your network.
The Defense Center web interface allows you to define and activate your correlation policies and
associate them with remediations. When a policy violation occurs, the remediation subsystem passes the
name of the remediation and the event data specified in the module.template configuration file to the
remediation daemon.
The remediation daemon launches the remediation and passes the correlation event data and
instance-specific parameters to your remediation program. It also accepts return codes from the
remediation program. The Defense Center uses the return codes for status displays.
The remediation program launches a set of instances of the remediation when the associated policy rule
triggers. Each instance targets a particular network device. You create instances on the Instance Detail
page of the Defense Center web interface. For each instance you provide the necessary instance-specific
configuration details such as IP address and password of the target device.
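The following is an added example, not code from the Cisco guide: a sketch of a remediation program entry point that validates the event data it receives from the remediation daemon before acting on a target device, and reports the outcome through its return code. The argument layout (remediation name followed by a source IP), the return-code values, the protected address list and the apply_block helper are all assumptions made for illustration.

```python
import ipaddress
import sys

# Hypothetical return codes. The guide page only says the Defense Center
# uses the program's return codes for status displays.
RC_OK, RC_BAD_INPUT, RC_PROTECTED, RC_DEVICE_ERROR = 0, 2, 3, 4

# Constructed sample: addresses this remediation must never act against
# (management network, DNS server), so a spoofed event cannot cut them off.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/24", "192.0.2.53/32")]


def parse_event(argv):
    """Assumed layout: argv = [remediation_name, source_ip]."""
    if len(argv) != 2:
        raise ValueError("expected remediation name and source IP")
    name, raw_ip = argv
    if not name or not all(c.isalnum() or c in "_-" for c in name):
        raise ValueError("unexpected characters in remediation name")
    # ip_address() accepts only a literal IPv4/IPv6 address, so event data
    # carrying extra text never reaches a device command.
    return name, ipaddress.ip_address(raw_ip)


def remediate(argv, apply_block=lambda name, ip: None):
    """Validate event data, apply the block, return a status code."""
    try:
        name, ip = parse_event(argv)
    except ValueError:
        return RC_BAD_INPUT
    if any(ip in net for net in PROTECTED_NETS):
        return RC_PROTECTED
    try:
        # Hypothetical hook: would use the instance's device settings.
        apply_block(name, ip)
    except Exception:
        return RC_DEVICE_ERROR
    return RC_OK


if __name__ == "__main__":
    # The exit status is the return code handed back to the daemon.
    sys.exit(remediate(sys.argv[1:]))
```

Because the source address in a correlation event is taken from network traffic, treating it as untrusted input and refusing protected targets keeps an automated response from being turned against the network's own infrastructure.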