Sourcefire API
eStreamer API – Accessing Sourcefire 3D® System Event Data
The eStreamer API allows other applications to receive all or selected Sourcefire event data automatically and in real time. Data can be automatically optimized for insertion into another database, and requests can be highly granular in the type and format of event elements. The API can also provide packet data associated with Snort® events and up-to-the-second asset data, both particularly useful following a security event. The most common use for the eStreamer API is the integration of Sourcefire event data into SIM (Security Information Management) and SEM (Security Event Management) platforms, primarily to perform correlation with other security products and to centralize the archiving of event data for audit and compliance purposes.
Remediation API – Turning Events into Action
The Remediation API allows other applications to receive detailed event data when a user-configured policy is violated. Events might be specific Snort or Sourcefire RNA® (Real-time Network Awareness) events, such as an unexpected operating system appearing on the network. The event data, handled by a ‘Remediation Module,’ can convey pertinent information such as the IP address of a device originating malicious behavior, a Snort event ID, and the relevant time stamps. These parameters can be used by many different applications and infrastructure components to make changes or take corrective action in real time, for example, controlling network access (NAC) or changing the configuration of a firewall or router in the event of an attack or abnormal behavior.
Host Input API – RNA Collaboration with Vulnerability Management Systems
Through passive discovery, Sourcefire RNA builds profiles of devices on the networks it is configured to monitor. These host profiles contain information including operating system, services, applications, and vulnerabilities. The Host Input API allows these profiles to be augmented with third-party information from virtually any application. Sourcefire customers can use this data to add vulnerability information obtained by other applications, such as vulnerability scanners, and other information useful for compliance.
Summary of Benefits
- Easily share intrusion events with SIM/SEM platforms
- Provide real-time asset information to forensic tools
- Integrate with NAC technologies
- Configure automatic and dynamic responses to specific security events
- Combine third-party vulnerability data with RNA’s host profiles
- Dynamically update asset and risk data
