Cisco Cisco Firepower Management Center 4000 開発者ガイド
3-22
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
Table 3-19
AddScanResult Fields
Field
Description
Required
Allowed Values
ipaddr
Indicates the IP address of
the scanned host or hosts.
the scanned host or hosts.
Yes
A single IP address.
scanner_id
Indicates the scanner ID for
the scanner that obtained the
scan results.
the scanner that obtained the
scan results.
Yes
'scanner_id'
where
scanner_id
is a string indicating the name of the
scanner that is the source of the vulnerability data you add.
To add scan results from a previously used scanner, indicate
the specific scanner name listed in system policies on the
Defense Center where you added the results.
the specific scanner name listed in system policies on the
Defense Center where you added the results.
Adding results from a new scanner ID adds that scanner to the
system policy. New scanners are added as the lowest priority
by default. If you want to change the priority of the scanner,
you can do so in the system policy. For more information, see
the FireSIGHT System User Guide.
system policy. New scanners are added as the lowest priority
by default. If you want to change the priority of the scanner,
you can do so in the system policy. For more information, see
the FireSIGHT System User Guide.
vuln_id
Indicates the vulnerability
ID for the vulnerability.
ID for the vulnerability.
Yes
Valid Cisco vulnerability IDs, or mapped third-party
vulnerability IDs.
vulnerability IDs.
If this field, port, protocol, bugtraq_ids, and cve_ids are
empty, this is a generic scan result.
empty, this is a generic scan result.
port
With the
proto
field,
identifies the server affected
by the vulnerability on the
host where the import
occurs.
by the vulnerability on the
host where the import
occurs.
Yes, if the
vulnerability
applies to a
server
vulnerability
applies to a
server
Integers in the range of 1-65535.
proto
With the
port
field,
identifies the server affected
by the vulnerability on the
host where the import
occurs.
by the vulnerability on the
host where the import
occurs.
Yes, if the
vulnerability
applies to a
server
vulnerability
applies to a
server
Either the strings
tcp
or
udp
or the appropriate protocol IDs
6
(tcp) or
17
(udp).
name
The name of the
vulnerability being
imported.
vulnerability being
imported.
No
A string enclosed in single quotes; for example:
'Using NetBIOS to retrieve info from a Windows host'
description
The description of the
vulnerability being
imported.
vulnerability being
imported.
No
A string enclosed in single quotes; for example:
'The following 2 NetBIOS names have been gathered...'
cve_ids
Space-separated list of CVE
vulnerability IDs
vulnerability IDs
No
Valid CVE vulnerability IDs; for example,
'cve_ids:
CVE2003-0988'
.
If this field, port, protocol, vuln_id, and bugtraq_ids are
empty, this is a generic scan result.
empty, this is a generic scan result.
bugtraq_ids
Space-separated list of
BugTraq vulnerability IDs
BugTraq vulnerability IDs
No
Valid BugTraq vulnerability IDs; for example,
'bugtraq_ids:
9506'
.
If this field, port, protocol, vuln_id, and cve_ids are empty,
this is a generic scan result.
this is a generic scan result.