Cisco Cisco Firepower Management Center 4000 Guide Du Développeur
2-22
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
AddProtocol
You can use the
AddProtocol
function to add either a network or transport protocol to an existing host
in the network map. You can supply either a protocol ID, a transport protocol name that exists in the
/etc/protocols
file on your Defense Center, or a network protocol name from
.
Note
You cannot add transport protocols to MAC-only hosts.
See
for an example of this function used in a script.
Use this syntax:
AddProtocol($source_type_id, $source_id, $addr_string, $attrib_list, $mac_list,
$proto, $type)
$proto
Indicates the
identification string or
name of the protocol to
be deleted.
identification string or
name of the protocol to
be deleted.
Yes
Valid protocol names consisting of alphanumeric
characters or spaces, enclosed in double quotes. For
transport protocols (“
characters or spaces, enclosed in double quotes. For
transport protocols (“
xport
”), protocols listed in the
/etc/protocols file are acceptable. For network
protocols (“
protocols (“
net
”), see
$type
Indicates the type of
protocol to be deleted.
protocol to be deleted.
Yes
“xport”
or
“net”
Table 2-17
DeleteProtocol Fields (continued)
Field
Description
Required
Allowed Values
Table 2-18
AddProtocol Fields
Field
Description
Required
Allowed Values
$source_type_id
Indicates the type of the host
input source.
input source.
Yes
“Application”
or
“Scanner”
Note you should set the
$source_type_id
variable
to contain the appropriate value before invoking
the
the
AddProtocol
function, and then reference
$source_type_id
in your function call. For more
information, see
$source_id
Indicates the source ID for
the source adding the host
input.
the source adding the host
input.
Yes
“source_id”
Note you should set the
$source_id
variable to
contain the source ID before invoking the
AddProtocol
function, and then reference
$source_id
in your function call. For more
information, see
.
$addr_string
Indicates the string
containing the IP address or
addresses for the affected
hosts.
containing the IP address or
addresses for the affected
hosts.
Yes (unless
attribute lists or
MAC addresses
are provided)
attribute lists or
MAC addresses
are provided)
A comma-separated list of IP addresses, CIDR
blocks, and ranges of IP addresses, with each
address, block, or range enclosed in double quotes.
blocks, and ranges of IP addresses, with each
address, block, or range enclosed in double quotes.