Cisco Cisco Firepower Management Center 4000 Guide Du Développeur
3-4
FireSIGHT System Remediation API Guide
Chapter 3 Communicating with the Remediation Subsystem
Defining the Configuration Template
Consider the following XML code, which illustrates the global configuration portion of a
module.template
file.
<global_config>
<display_name>My Firewall</display_name>
<binary>firewall_block.pl</binary>
<description>Dynamically apply firewall rules to my firewall.</description>
<version>1.0</version>
<run_as_root/>
</global_config>
In this example, the remediation module is represented by the name My Firewall in the web interface. It
runs version 1.0 of a program called
runs version 1.0 of a program called
firewall_block.pl
, which you install using the Defense Center
for more information). The program dynamically
applies firewall rules to a specific firewall and runs as root on the Defense Center.
Defining the Configuration Template
The
config_template
child element of the
module
element specifies the types of information the user
must provide when configuring the instances that this remediation module executes (see
). The user provides the information specified in this element via the
Defense Center user interface. Each
module
element may contain only one direct child
config_template
element and this element applies to all instances that are configured.
Note, however, that each
remediation_type
element in
module.template
can also contain a child
config_template
element. The
config_template
child element under
remediation_type
allows you to
define information that the user must provide for each of the different remediation types. So a user will
have to configure general instance-level fields using the
have to configure general instance-level fields using the
config_template
element in the
module
portion, and then, optionally, an additional set of
config_template
fields specific to the remediation
type being executed by the instance. For more information, see
.
run_as_root
Sets a flag that allows the remediation module to run as
root on the Cisco appliance where it is installed.
root on the Cisco appliance where it is installed.
Caution
Cisco recommends that you use this element
only if absolutely necessary.
only if absolutely necessary.
no
encode_values
Sets a flag that HTML-encodes user input. This allows
users to enter input that might otherwise be
unintentionally interpreted by the XML processor.
users to enter input that might otherwise be
unintentionally interpreted by the XML processor.
Note
If you use this element, your remediation
module must handle HTML decoding as part of
its input handling.
module must handle HTML decoding as part of
its input handling.
no
Table 3-1
global_config Child Elements (continued)
Name
Description
Required?