Руководство Разработчика для Cisco Cisco Firepower Management Center 2000
2-35
FireSIGHT System Host Input API Guide
Chapter 2 Using the Host Input API
Host Input API Functions
See
for an example of this function used
in a script.
Use this syntax:
SetCurrent3rdPartyMap($map_name)
where
$map_name
is the name of the third-party product map, enclosed in double quotes, that you created
using the Defense Center web interface.
UnsetCurrent3rdPartyMap
This function unsets the current active third-party map.
Use this syntax:
UnsetCurrent3rdPartyMap()
AddScanResult Function
This function adds scan results from a third-party vulnerability scanner and maps each vulnerability to
a BugTraq or CVE ID.
a BugTraq or CVE ID.
If you import a scan result with a vulnerability for a server on a host, but do not use
AddService
to import
the server to the host, the application protocol for the server will show a value of
unknown
in the host
profile. If you import scan results using this function, be sure to edit the source definition for the input
source in your network discovery policy to set the identity source type to Scanner.
source in your network discovery policy to set the identity source type to Scanner.
For examples of how to use
AddScanResult
,
, and
.
Use this syntax:
AddScanResult($scanner_id,$ipaddr,$mapping_vuln_list,$generic_item_list,$flag)
Table 2-31
AddScanResult Fields
Field
Description
Required
Allowed Values
$scanner_id
Indicates the scanner
ID for the scanner that
obtained the scan
results.
ID for the scanner that
obtained the scan
results.
Yes
“scanner_id”
where
scanner_id
is a string indicating the name of the scanner
that is the source of the vulnerability data you add.
To add scan results from a previously used scanner, indicate the
specific scanner name listed in system policies on the Defense
Center where you added the results.
specific scanner name listed in system policies on the Defense
Center where you added the results.
Adding results from a new scanner ID adds that scanner to the
system policy. New scanners are added as the lowest priority by
default. If you want to change the priority of the scanner, you
can do so in the system policy. For more information, see the
FireSIGHT System User Guide.
system policy. New scanners are added as the lowest priority by
default. If you want to change the priority of the scanner, you
can do so in the system policy. For more information, see the
FireSIGHT System User Guide.
$ipaddr
Indicates the IP
address of the scanned
hosts.
address of the scanned
hosts.
Yes
A comma-separated list of IP addresses, CIDR blocks, and
ranges of IP addresses, with each address, block, or range
enclosed in double quotes.
ranges of IP addresses, with each address, block, or range
enclosed in double quotes.