What is needed in order to write scripts for CSPM2.3.3i? Do you need to install a scripting language like Perl first? I would like to be able to write a script that emails me when a specific signature is triggered on the IDS sensor. Any suggestions or procedures would be appreciated. Thanks
Making scripts is essentially a custom operation; consequently, there aren't any Cisco documents that show you how to make scripts for CSPM.
First, for context, refer to the link I provided earlier. It shows what arguments are available from CSPM for sending via email or via a script.
Within that context, the following may be helpful:
All IDS script notifications are provided with the same argument list currently provided by eventd.
When the argument list is passed to the scripts, all arguments are passed and it is up to the script to parse these events as needed. The argument values are separated using a space when passed to the command line. Just specify the name of the script in the subject line of the message box.
The following is a sample script that has been used, but which I have not tested. It is NOT supported by Cisco. Nevertheless, others have modified it as described and it worked fine for them. Good luck!
Here is a Perl script and a batch file that will read the signatures file and put signature names in the subject of the email. To use, set the notification script to the batch file that launches it. You must edit the emailEvent.pl script to set up the email server and location of the CSPM installation of Postoffice. You must edit the emailEvent.bat file to point to the installed Perl interpreter and emailEvent.pl script. The version of Perl must support email. You can get the latest free version for Win32 from http://aspn.activestate.com/ASPN/Downloads/ActivePerl/.
perl d:\n\emailEvent.pl %*
# This script receives an event notification then looks up the
# signature name in a "signatures" file. Next the script
# generates an email appending the signature name to the
# default subject. The contents of the email is the parsed
# arguments of the event notification with the addition of
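An added example, not the emailEvent.pl referred to in the post and not Cisco code: a minimal Perl notification handler that takes the space-separated event arguments, looks up the signature name, and builds the email with that name appended to the subject, stripping CR/LF and other control characters so event fields cannot inject extra mail headers. The position of the signature ID in the argument list, the signatures file layout, the sample event and the addresses are assumptions; the script prints the message instead of contacting a mail server.

```perl
#!/usr/bin/perl
# Added example. Everything marked ASSUMPTION is hypothetical, not from CSPM docs.
use strict;
use warnings;

my $SIG_ID_INDEX = 6;   # ASSUMPTION: which argument holds the signature ID

# ASSUMPTION: signatures file has one "<id> <name>" pair per line, '#' comments.
sub load_signatures {
    my ($fh) = @_;
    my %names;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(#|$)/;
        my ($id, $name) = $line =~ /^\s*(\d+)\s+(.+?)\s*$/ or next;
        $names{$id} = $name;
    }
    return \%names;
}

# Replace CR/LF and any non-printable byte, collapse whitespace, cap the length.
sub clean_header {
    my ($s) = @_;
    $s =~ s/[^\x20-\x7E]/ /g;
    $s =~ s/\s+/ /g;
    return substr($s, 0, 120);
}

sub build_message {
    my ($args, $names, %opt) = @_;
    my $sig_id = $args->[$SIG_ID_INDEX] // '';
    # Only a purely numeric ID is used as a lookup key.
    my $name = ($sig_id =~ /^\d+\z/ && $names->{$sig_id}) || 'unknown signature';
    my $subject = clean_header("$opt{subject} - $name");
    my $body = join '', map { sprintf "arg[%d] = %s\n", $_, clean_header($args->[$_]) }
               0 .. $#$args;
    return "From: $opt{from}\r\nTo: $opt{to}\r\nSubject: $subject\r\n\r\n$body";
}

# Constructed sample data so the example runs offline.
my $sigfile = "# id name\n3030 TCP SYN Host Sweep\n2004 ICMP Echo Request\n";
open my $fh, '<', \$sigfile or die "open: $!";
my $names = load_signatures($fh);
close $fh;

# Use real arguments when launched by the batch file, else a constructed event.
my @args = @ARGV ? @ARGV
         : qw(4 1000 2001/05/01 12:00:00 10003 100 3030 10.0.0.5 10.0.0.9);
print build_message(\@args, $names, subject => 'IDS event',
                    from => 'ids@example.com', to => 'soc@example.com');
```

Run with no arguments, it prints a message whose subject is `IDS event - TCP SYN Host Sweep`; an ID that is missing or not in the file yields `unknown signature` rather than an empty subject.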