Cisco Cisco Firepower Management Center 2000 Guida Dello Sviluppatore
3-10
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
SetService
You can use the
SetService
function to specify the server protocol, vendor, product, and version for a
specified server. You can set display strings for the server using service keys. By mapping a third-party
product in the Defense Center web interface (see
product in the Defense Center web interface (see
) or using
the
SetMap
function (see
), you can associate third-party
server data with the vulnerability information for specific Cisco product definitions.
If the server protocol does not already exist, this call causes a new server identity to be created for the
string. If the specified server does not exist previously, the system creates it.
string. If the specified server does not exist previously, the system creates it.
The server identity displayed in a host profile is set by the highest priority source. Possible sources have
the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then
NetFlow. Note that a new higher priority server identity will not be override a current server identity if
it has less detail than the current identity.
the following priority order: user, scanner and application (set in the system policy), FireSIGHT, then
NetFlow. Note that a new higher priority server identity will not be override a current server identity if
it has less detail than the current identity.
If you define a third-party server definition for a host, the FireSIGHT System web interface indicates the
source for the change in the Source Type field of the Servers table view of events or the Servers section
of the host profile.
source for the change in the Source Type field of the Servers table view of events or the Servers section
of the host profile.
Note
If the number of servers stored in the network map for a specific host exceeds 100, new server
information is ignored until servers are deleted from the host.
information is ignored until servers are deleted from the host.
Use this syntax:
SetService, ip_address, port, proto, server, vendor_str, version_str, vendor_id,
product_id, major, minor, revision, build, patch, extension
Or, to set a new product map before you set the server, use this syntax:
SetMap:map_name, SetService, ip_address, port, proto, server, vendor_str,
version_str, vendor_id, product_id, major, minor, revision, build, patch, extension
vendor_str
Supplies the operating system vendor display
name used by the third-party application.
name used by the third-party application.
No
string
product_str
Supplies the operating system product display
name used by the third-party application.
name used by the third-party application.
No
string
version_str
Supplies the operating system version display
name used by the third-party application.
name used by the third-party application.
No
string
vendor_id
Supplies the Cisco vendor definition.
No
uint32
product_id
Supplies the Cisco product definition.
No
uint32
major
Supplies the Cisco major version definition.
No
uint32
minor
Supplies the Cisco minor version definition.
No
uint32
revision
Supplies the Cisco revision string.
No
uint32
build
Supplies the Cisco build definition to map to.
No
string
patch
Supplies the Cisco patch definition to map to.
No
string
extension
Supplies the Cisco extension definition to map
to.
to.
No
string
Table 3-4
AddService Fields (continued)
Field
Description
Required
Values