Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Writing Host Input API Scripts
Setting the Source Type
After you declare use of the HostInput module, you must identify the source application for the data you import as “Application” or “Scanner”. The system marks the source for data imported using this designation as Scanner: source_id or Application: source_id. If you import scan results using this function, be sure to edit the source definition for the input source in your network discovery policy to set the identity source type to Scanner. For more information on setting the application or scanner name, see .
Include the following code segment in your script:
# Set the Source Type
my $source_type_id = SF::SFDataCorrelator::HostInput::GetSourceTypeIDByName('Application');
See for an example of this command used in a script.
Obtaining a Source ID
Applications must set the application (or source) ID using the SetCurrentSource(name) function.
Use this syntax for the SetCurrentSource function:
SF::SFDataCorrelator::HostInput::SetCurrentSource ($source_type_id,"CustomApp");
where “CustomApp” is the application identification string you want to use to identify the imported data.
Include a code segment similar to the following in your script (using your application name in place of "CustomApp"):
# Set the Application ID
SF::SFDataCorrelator::HostInput::SetCurrentSource ($source_type_id,"CustomApp");
# Retrieve the Application ID you set
my $source_id = SF::SFDataCorrelator::HostInput::GetCurrentSource();
See for an example of this command used in a script.
Required Fields
Each host input function requires either an address string (for specifying hosts by IPv4 or IPv6 address), an attribute list (for specifying IP hosts by attribute value), or a MAC list (for specifying MAC-only hosts). The documentation for each function call indicates any additional required fields for that function.
Note that fields are required only in that you must supply that information to make sure that the host input succeeds and adds meaningful data to the network map. For example, you can add a fix to the system without providing a fix identification number or fix name that matches an existing Cisco fix definition and without mapping the third-party fix to a Cisco fix. However, even if that fix addresses vulnerabilities on the host where you added it, those vulnerabilities cannot be marked invalid if the system cannot map the fix to the vulnerabilities using a Cisco fix definition.
In general, supply as much information as possible for any data you import to ensure that the data can be used for data correlation.