Cisco Cisco Firepower Management Center 4000 개발자 가이드
3-21
FireSIGHT System Host Input API Guide
Chapter 3 Using the Host Input Import Tool
Host Input Import Syntax
Scan Result Functions
You can use the host input import tool to add scan results to your Defense Center and to flush the added
results to the database. When adding a scan result you can map third-party vulnerabilities in the results
to CVE or BugTraq vulnerabilities.
results to the database. When adding a scan result you can map third-party vulnerabilities in the results
to CVE or BugTraq vulnerabilities.
See the following sections for more information:
•
•
•
•
AddScanResult Function
You can use the
AddScanResult
function to add scan results from a third-party vulnerability scanner and
map each vulnerability to a BugTraq or CVE ID. If you import scan results using this function, be sure
to edit the source definition for the input source in your network discovery policy to set the identity
source type to Scanner.
to edit the source definition for the input source in your network discovery policy to set the identity
source type to Scanner.
Use this syntax:
AddScanResult, ipaddr, 'scanner_id', vuln_id, port, protocol, 'name', 'description',
cve_ids, bugtraq_ids
Note
How results are added depends on whether you use the ScanUpdate or ScanFlush function. For more
information, refer to
information, refer to
and
proto
With the
port
field, identifies the
server affected by the
vulnerability on the host where
the import occurs.
vulnerability on the host where
the import occurs.
Yes, if the fix
applies to a server
applies to a server
Either the strings
tcp
or
udp
or the appropriate
protocol IDs
6
(tcp) or
17
(udp).
vuln_id
Indicates the vulnerability ID for
the vulnerability.
the vulnerability.
Yes
Valid Cisco vulnerability IDs, or mapped third-party
vulnerability IDs.
vulnerability IDs.
For third-party vulnerabilities, note that you must
map the third-party vulnerability ID and reference the
vulnerability map set in the
map the third-party vulnerability ID and reference the
vulnerability map set in the
vuln_type
field. For
more information, see
Table 3-18
SetValidVulns Fields (continued)
Field
Description
Required
Values