Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT System Host Input API Guide
Chapter 1: Understanding Host Input
The FireSIGHT System provides two tools for importing data from other sources on your network to
augment your network map: the host input API and the host input import tool.
If your organization has the expertise to create Perl scripts, the host input API allows you to script direct
data transfer between a third-party application and the network map. For example, you might have a
patch management application on your network that contains information about the current patch levels
for the hosts on your network. You could import the third-party fix information for each host into the
network map. If you set up a map of the names that the third-party application uses for each patch and
invoke it before adding the fixes, the system can use that information to update the vulnerability list on
each host to deactivate vulnerabilities addressed by the fix. The host input API allows you to create a
script that maps third-party data structures to Cisco data structures, so you can re-run the script to import
new data as needed, as long as the names of data elements do not change on either side.
If you do not have a programmer available to you, or if you want to import a set of data and do not need
to re-run similar imports in the future, you can create a text file containing the data and use the host input
import tool to perform the import on the Defense Center using the nmimport.pl script.
For example, if you are setting up a new installation of FireSIGHT, you might want to make sure that all
the computers listed in your asset management software exist in the network map. You could export the
host data from the asset management application, format the results into an appropriately formatted text
file, and import the host data using the host input import tool. If the asset management system includes
operating system information for each host, you could set up a third-party product map for the asset
management system and map each third-party operating system label to the corresponding Cisco label.
You can set that map before you run the import, and the system will associate the appropriate Cisco
operating system definition with each host.
There are five major steps to setting up a host input API connection with the FireSIGHT System:
Step 1
If you want to perform impact correlation using third-party host data, you can configure third-party
product maps to map service, operating system, or fix definitions to Cisco product or fix definitions,
using the Defense Center web interface.
Step 2
If you want to import third-party vulnerabilities, you can configure third-party vulnerability maps to map
third-party vulnerability identification strings to Cisco vulnerability IDs, using the Defense Center web
interface. Note that you can also perform this mapping in your client using the SetCurrent3rdPartyMap
API function with the appropriate vulnerability keys.
Step 3
Write a script that imports data to hosts in the network map using the host input API, including calls to
invoke third-party product maps as needed.
Step 4
Log in as admin on your Defense Center.