Cisco Firepower

Overview


Use the Cisco Firepower integration for unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. This integration was integrated and tested with version xx of Cisco Firepower

Supports FMC 6.2.3 and above

Authentication from a REST API Client Cisco recommends that you use different accounts for interfacing with the API and the Firepower User Interface. Credentials cannot be used for both interfaces simultaneously, and will be logged out without warning if used for both.

Configure Cisco Firepower on Demisto


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Cisco Firepower.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g., https://192.168.0.1)
    • Username
    • Password
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands


You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. 1. ciscofp-list-zones 2. ciscofp-list-ports 3. ciscofp-list-url-categories 4. ciscofp-get-network-object 5. ciscofp-create-network-object 6. ciscofp-update-network-object 7. ciscofp-get-network-groups-object 8. ciscofp-create-network-groups-objects 9. ciscofp-update-network-groups-objects 10. ciscofp-delete-network-groups-objects 11. ciscofp-get-host-object 12. ciscofp-create-host-object 13. ciscofp-update-host-object 14. ciscofp-delete-network-object 15. ciscofp-delete-host-object 16. ciscofp-get-access-policy 17. ciscofp-create-access-policy 18. ciscofp-update-access-policy 19. ciscofp-delete-access-policy 20. ciscofp-list-security-group-tags 21. ciscofp-list-ise-security-group-tag 22. ciscofp-list-vlan-tags 23. ciscofp-list-vlan-tags-group 24. ciscofp-list-applications 25. ciscofp-get-access-rules 26. ciscofp-create-access-rules 27. ciscofp-update-access-rules 28. ciscofp-delete-access-rules 29. ciscofp-list-policy-assignments 30. ciscofp-create-policy-assignments 31. ciscofp-update-policy-assignments 32. ciscofp-get-deployable-devices 33. ciscofp-get-device-records 34. ciscofp-deploy-to-devices 35. ciscofp-get-task-status

1. ciscofp-list-zones


Retrieves a list of all security zone objects.

Base Command

ciscofp-list-zones

Input
Argument NameDescriptionRequired
limitThe number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Zone.IDStringZone ID.
CiscoFP.Zone.NameStringZone name.
CiscoFP.Zone.InterfaceModeStringZone interface mode.
CiscoFP.Zone.Interfaces.NameStringName of interfaces belonging to the security zone.
CiscoFP.Zone.Interfaces.IDStringID of interfaces belonging to the security zone.
Command Example

!ciscofp-list-zones

Context Example
{
"CiscoFP.Zone": [
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217112",
"Name": "Ethernet1/6"
}
],
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217113",
"Name": "Ethernet1/7"
}
],
"ID": "001e2d12-c737-11e8-bacb-8d7a1cfa386e",
"Name": "Untrust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217109",
"Name": "Ethernet1/3"
}
],
"ID": "5884acce-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Trust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217111",
"Name": "Ethernet1/5"
}
],
"ID": "6038978c-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Untrust"
},
{
"InterfaceMode": "INLINE",
"Interfaces": [],
"ID": "62c3f83a-305d-11ea-9d47-eda81976c864",
"Name": "arseny_zone"
}
]
}
Human Readable Output

Cisco Firepower - List zones:

IDNameInterfaceModeInterfaces
e5156ab2-c736-11e8-bacb-8d7a1cfa386eTrustROUTED1
001e2d12-c737-11e8-bacb-8d7a1cfa386eUntrustROUTED1
5884acce-ffdf-11e9-8a1b-81dfc51749cbL3-TrustROUTED1
6038978c-ffdf-11e9-8a1b-81dfc51749cbL3-UntrustROUTED1
62c3f83a-305d-11ea-9d47-eda81976c864arseny_zoneINLINE0

2. ciscofp-list-ports


Retrieves list of all port objects.

Base Command

ciscofp-list-ports

Input
Argument NameDescriptionRequired
limitThe number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Port.IDStringPort ID.
CiscoFP.Port.NameStringPort name.
CiscoFP.Port.ProtocolStringPort protocol.
CiscoFP.Port.PortStringPort number.
Command Example

!ciscofp-list-ports

Context Example
{
"CiscoFP.Port": [
{
"Port": "5190",
"Protocol": "TCP",
"ID": "1834d812-38bb-11e2-86aa-62f0c593a59a",
"Name": "AOL"
},
{
"Port": "6881-6889",
"Protocol": "TCP",
"ID": "1834e5f0-38bb-11e2-86aa-62f0c593a59a",
"Name": "Bittorrent"
},
{
"Port": "53",
"Protocol": "TCP",
"ID": "1834e712-38bb-11e2-86aa-62f0c593a59a",
"Name": "DNS_over_TCP"
},
{
"Port": "53",
"Protocol": "UDP",
"ID": "1834e8ca-38bb-11e2-86aa-62f0c593a59a",
"Name": "DNS_over_UDP"
},
{
"Port": "21",
"Protocol": "TCP",
"ID": "1834c674-38bb-11e2-86aa-62f0c593a59a",
"Name": "FTP"
},
{
"Port": "80",
"Protocol": "TCP",
"ID": "18312adc-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTP"
},
{
"Port": "443",
"Protocol": "TCP",
"ID": "1834bd00-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTPS"
},
{
"Port": "143",
"Protocol": "TCP",
"ID": "1834c37c-38bb-11e2-86aa-62f0c593a59a",
"Name": "IMAP"
},
{
"Port": "389",
"Protocol": "TCP",
"ID": "1834d01a-38bb-11e2-86aa-62f0c593a59a",
"Name": "LDAP"
},
{
"Port": "2049",
"Protocol": "TCP",
"ID": "1834c9c6-38bb-11e2-86aa-62f0c593a59a",
"Name": "NFSD-TCP"
},
{
"Port": "2049",
"Protocol": "UDP",
"ID": "1834caac-38bb-11e2-86aa-62f0c593a59a",
"Name": "NFSD-UDP"
},
{
"Port": "123",
"Protocol": "TCP",
"ID": "1834cb92-38bb-11e2-86aa-62f0c593a59a",
"Name": "NTP-TCP"
},
{
"Port": "123",
"Protocol": "UDP",
"ID": "1834cc96-38bb-11e2-86aa-62f0c593a59a",
"Name": "NTP-UDP"
},
{
"Port": "109",
"Protocol": "TCP",
"ID": "1834c462-38bb-11e2-86aa-62f0c593a59a",
"Name": "POP-2"
},
{
"Port": "110",
"Protocol": "TCP",
"ID": "1834c548-38bb-11e2-86aa-62f0c593a59a",
"Name": "POP-3"
},
{
"Port": "443",
"Protocol": "UDP",
"ID": "000C29A8-BA3B-0ed3-0000-034359739875",
"Name": "quic"
},
{
"Port": "80",
"Protocol": "UDP",
"ID": "000C29A8-BA3B-0ed3-0000-034359739893",
"Name": "quic80"
},
{
"Port": "1645",
"Protocol": "UDP",
"ID": "1834ce94-38bb-11e2-86aa-62f0c593a59a",
"Name": "RADIUS"
},
{
"Port": "520",
"Protocol": "UDP",
"ID": "1834d114-38bb-11e2-86aa-62f0c593a59a",
"Name": "RIP"
},
{
"Port": "5060",
"Protocol": "UDP",
"ID": "1834d204-38bb-11e2-86aa-62f0c593a59a",
"Name": "SIP"
},
{
"Port": "25",
"Protocol": "TCP",
"ID": "1834bf44-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTP"
},
{
"Port": "465",
"Protocol": "TCP",
"ID": "1834c07a-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTPS"
},
{
"Port": "161",
"Protocol": "UDP",
"ID": "1834c264-38bb-11e2-86aa-62f0c593a59a",
"Name": "SNMP"
},
{
"Port": "22",
"Protocol": "TCP",
"ID": "1834c890-38bb-11e2-86aa-62f0c593a59a",
"Name": "SSH"
},
{
"Port": "514",
"Protocol": "UDP",
"ID": "1834d6e6-38bb-11e2-86aa-62f0c593a59a",
"Name": "SYSLOG"
},
{
"Port": "1021-65535",
"Protocol": "TCP",
"ID": "1834e50a-38bb-11e2-86aa-62f0c593a59a",
"Name": "TCP_high_ports"
},
{
"Port": "23",
"Protocol": "TCP",
"ID": "28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee",
"Name": "TELNET"
},
{
"Port": "69",
"Protocol": "UDP",
"ID": "1834d5e2-38bb-11e2-86aa-62f0c593a59a",
"Name": "TFTP"
},
{
"Port": "5050",
"Protocol": "TCP",
"ID": "1834da1a-38bb-11e2-86aa-62f0c593a59a",
"Name": "Yahoo_Messenger_Messages"
},
{
"Port": "5000-5001",
"Protocol": "TCP",
"ID": "1834db96-38bb-11e2-86aa-62f0c593a59a",
"Name": "YahooMessenger_Voice_Chat_TCP"
},
{
"Port": "5000-5010",
"Protocol": "UDP",
"ID": "1834dc86-38bb-11e2-86aa-62f0c593a59a",
"Name": "YahooMessenger_Voice_Chat_UDP"
}
]
}
Human Readable Output

Cisco Firepower - List ports:

IDNameProtocolPort
1834d812-38bb-11e2-86aa-62f0c593a59aAOLTCP5190
1834e5f0-38bb-11e2-86aa-62f0c593a59aBittorrentTCP6881-6889
1834e712-38bb-11e2-86aa-62f0c593a59aDNS_over_TCPTCP53
1834e8ca-38bb-11e2-86aa-62f0c593a59aDNS_over_UDPUDP53
1834c674-38bb-11e2-86aa-62f0c593a59aFTPTCP21
18312adc-38bb-11e2-86aa-62f0c593a59aHTTPTCP80
1834bd00-38bb-11e2-86aa-62f0c593a59aHTTPSTCP443
1834c37c-38bb-11e2-86aa-62f0c593a59aIMAPTCP143
1834d01a-38bb-11e2-86aa-62f0c593a59aLDAPTCP389
1834c9c6-38bb-11e2-86aa-62f0c593a59aNFSD-TCPTCP2049
1834caac-38bb-11e2-86aa-62f0c593a59aNFSD-UDPUDP2049
1834cb92-38bb-11e2-86aa-62f0c593a59aNTP-TCPTCP123
1834cc96-38bb-11e2-86aa-62f0c593a59aNTP-UDPUDP123
1834c462-38bb-11e2-86aa-62f0c593a59aPOP-2TCP109
1834c548-38bb-11e2-86aa-62f0c593a59aPOP-3TCP110
000C29A8-BA3B-0ed3-0000-034359739875quicUDP443
000C29A8-BA3B-0ed3-0000-034359739893quic80UDP80
1834ce94-38bb-11e2-86aa-62f0c593a59aRADIUSUDP1645
1834d114-38bb-11e2-86aa-62f0c593a59aRIPUDP520
1834d204-38bb-11e2-86aa-62f0c593a59aSIPUDP5060
1834bf44-38bb-11e2-86aa-62f0c593a59aSMTPTCP25
1834c07a-38bb-11e2-86aa-62f0c593a59aSMTPSTCP465
1834c264-38bb-11e2-86aa-62f0c593a59aSNMPUDP161
1834c890-38bb-11e2-86aa-62f0c593a59aSSHTCP22
1834d6e6-38bb-11e2-86aa-62f0c593a59aSYSLOGUDP514
1834e50a-38bb-11e2-86aa-62f0c593a59aTCP_high_portsTCP1021-65535
28e058e4-43b0-11e2-9bcd-7c2f9ed9bbeeTELNETTCP23
1834d5e2-38bb-11e2-86aa-62f0c593a59aTFTPUDP69
1834da1a-38bb-11e2-86aa-62f0c593a59aYahoo_Messenger_MessagesTCP5050
1834db96-38bb-11e2-86aa-62f0c593a59aYahooMessenger_Voice_Chat_TCPTCP5000-5001
1834dc86-38bb-11e2-86aa-62f0c593a59aYahooMessenger_Voice_Chat_UDPUDP5000-5010

3. ciscofp-list-url-categories


Retrieves a list of all URL category objects.

Base Command

ciscofp-list-url-categories

Input
Argument NameDescriptionRequired
limitThe number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Category.IDStringID of the category.
CiscoFP.Category.NameStringName of the category.
Command Example

!ciscofp-list-url-categories

Context Example
{
"CiscoFP.Category": [
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02054",
"Name": "Pornography"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02042",
"Name": "Spiritual Healing"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02033",
"Name": "Tasteless or Obscene"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02005",
"Name": "Shopping"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02016",
"Name": "Hate Speech"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02082",
"Name": "Digital Postcards"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02028",
"Name": "Online Trading"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02034",
"Name": "Lotteries"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02071",
"Name": "File Transfer Services"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02043",
"Name": "Tattoos"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02029",
"Name": "Paranormal and Occult"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02064",
"Name": "Child Abuse Content"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02007",
"Name": "Games"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02037",
"Name": "Web Hosting"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02013",
"Name": "Nature"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02066",
"Name": "Online Storage and Backup"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02070",
"Name": "Mobile Phones"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02012",
"Name": "Science and Technology"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02022",
"Name": "Illegal Activities"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02080",
"Name": "SaaS and B2B"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02092",
"Name": "Parked Domains"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02008",
"Name": "Sports and Recreation"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02001",
"Name": "Education"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02024",
"Name": "Online Communities"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02096",
"Name": "Test Category 3"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02031",
"Name": "Lingerie and Swimsuits"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02051",
"Name": "Cheating and Plagiarism"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02050",
"Name": "Hacking"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02017",
"Name": "Reference"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02076",
"Name": "Fashion"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02025",
"Name": "Filter Avoidance"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02083",
"Name": "Politics"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02067",
"Name": "Internet Telephony"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02097",
"Name": "DIY Projects"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02093",
"Name": "Entertainment"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02077",
"Name": "Alcohol"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02039",
"Name": "Instant Messaging"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02036",
"Name": "Weapons"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02075",
"Name": "Extreme"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02009",
"Name": "Health and Nutrition"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02015",
"Name": "Finance"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02074",
"Name": "Astrology"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02081",
"Name": "Personal Sites"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02073",
"Name": "Streaming Audio"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02084",
"Name": "Illegal Downloads"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02006",
"Name": "Adult"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02061",
"Name": "Dining and Drinking"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02026",
"Name": "Streaming Media"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02085",
"Name": "Organizational Email"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02020",
"Name": "Search Engines and Portals"
}
]
}
Human Readable Output

Cisco Firepower - List url categories:

IDName
abba9b63-bb10-4729-b901-2e2aa0f02054Pornography
abba9b63-bb10-4729-b901-2e2aa0f02042Spiritual Healing
abba9b63-bb10-4729-b901-2e2aa0f02033Tasteless or Obscene
abba9b63-bb10-4729-b901-2e2aa0f02005Shopping
abba9b63-bb10-4729-b901-2e2aa0f02016Hate Speech
abba9b63-bb10-4729-b901-2e2aa0f02082Digital Postcards
abba9b63-bb10-4729-b901-2e2aa0f02028Online Trading
abba9b63-bb10-4729-b901-2e2aa0f02034Lotteries
abba9b63-bb10-4729-b901-2e2aa0f02071File Transfer Services
abba9b63-bb10-4729-b901-2e2aa0f02043Tattoos
abba9b63-bb10-4729-b901-2e2aa0f02029Paranormal and Occult
abba9b63-bb10-4729-b901-2e2aa0f02064Child Abuse Content
abba9b63-bb10-4729-b901-2e2aa0f02007Games
abba9b63-bb10-4729-b901-2e2aa0f02037Web Hosting
abba9b63-bb10-4729-b901-2e2aa0f02013Nature
abba9b63-bb10-4729-b901-2e2aa0f02066Online Storage and Backup
abba9b63-bb10-4729-b901-2e2aa0f02070Mobile Phones
abba9b63-bb10-4729-b901-2e2aa0f02012Science and Technology
abba9b63-bb10-4729-b901-2e2aa0f02022Illegal Activities
abba9b63-bb10-4729-b901-2e2aa0f02080SaaS and B2B
abba9b63-bb10-4729-b901-2e2aa0f02092Parked Domains
abba9b63-bb10-4729-b901-2e2aa0f02008Sports and Recreation
abba9b63-bb10-4729-b901-2e2aa0f02001Education
abba9b63-bb10-4729-b901-2e2aa0f02024Online Communities
abba9b63-bb10-4729-b901-2e2aa0f02096Test Category 3
abba9b63-bb10-4729-b901-2e2aa0f02031Lingerie and Swimsuits
abba9b63-bb10-4729-b901-2e2aa0f02051Cheating and Plagiarism
abba9b63-bb10-4729-b901-2e2aa0f02050Hacking
abba9b63-bb10-4729-b901-2e2aa0f02017Reference
abba9b63-bb10-4729-b901-2e2aa0f02076Fashion
abba9b63-bb10-4729-b901-2e2aa0f02025Filter Avoidance
abba9b63-bb10-4729-b901-2e2aa0f02083Politics
abba9b63-bb10-4729-b901-2e2aa0f02067Internet Telephony
abba9b63-bb10-4729-b901-2e2aa0f02097DIY Projects
abba9b63-bb10-4729-b901-2e2aa0f02093Entertainment
abba9b63-bb10-4729-b901-2e2aa0f02077Alcohol
abba9b63-bb10-4729-b901-2e2aa0f02039Instant Messaging
abba9b63-bb10-4729-b901-2e2aa0f02036Weapons
abba9b63-bb10-4729-b901-2e2aa0f02075Extreme
abba9b63-bb10-4729-b901-2e2aa0f02009Health and Nutrition
abba9b63-bb10-4729-b901-2e2aa0f02015Finance
abba9b63-bb10-4729-b901-2e2aa0f02074Astrology
abba9b63-bb10-4729-b901-2e2aa0f02081Personal Sites
abba9b63-bb10-4729-b901-2e2aa0f02073Streaming Audio
abba9b63-bb10-4729-b901-2e2aa0f02084Illegal Downloads
abba9b63-bb10-4729-b901-2e2aa0f02006Adult
abba9b63-bb10-4729-b901-2e2aa0f02061Dining and Drinking
abba9b63-bb10-4729-b901-2e2aa0f02026Streaming Media
abba9b63-bb10-4729-b901-2e2aa0f02085Organizational Email
abba9b63-bb10-4729-b901-2e2aa0f02020Search Engines and Portals

4. ciscofp-get-network-object


Retrieves the network objects associated with the specified ID. If not supplied, retrieves a list of all network objects.

Base Command

ciscofp-get-network-object

Input
Argument NameDescriptionRequired
object_idObject ID.Optional
limitThe number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Network.IDStringID of network object
CiscoFP.Network.NameStringName of network object
CiscoFP.Network.ValueStringCIDR
CiscoFP.Network.OverrideableStringBoolean indicating whether object can be overridden.
CiscoFP.Network.DescriptionStringDescription of the network object.
Command Example

!ciscofp-get-network-object

Context Example
{
"CiscoFP.Network": [
{
"Name": "0",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053261"
},
{
"Name": "1",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053289"
},
{
"Name": "2",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053308"
},
{
"Name": "any-ipv4",
"Overridable": false,
"Description": " ",
"Value": "0.0.0.0/0",
"ID": "cb7116e8-66a6-480b-8f9b-295191a0940a"
},
{
"Name": "demo1",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/10",
"ID": "000C29A8-BA3B-0ed3-0000-124554061004"
},
{
"Name": "Internal-LAN-Network",
"Overridable": false,
"Description": " ",
"Value": "192.168.1.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-030064772538"
},
{
"Name": "IPv4-Benchmark-Tests",
"Overridable": false,
"Description": " ",
"Value": "198.18.0.0/15",
"ID": "86caab8a-9bdd-420d-858b-5690fde8ce58"
},
{
"Name": "IPv4-Link-Local",
"Overridable": false,
"Description": " ",
"Value": "169.254.0.0/16",
"ID": "f0ce41ae-6ee9-4e00-8762-da9370c4fee5"
},
{
"Name": "IPv4-Multicast",
"Overridable": false,
"Description": " ",
"Value": "224.0.0.0/4",
"ID": "5622db1c-5cd5-4199-a4c8-d8f86dec3bd4"
},
{
"Name": "IPv4-Private-10.0.0.0-8",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/8",
"ID": "95916354-5aa1-4057-8eea-b42a5a207abc"
},
{
"Name": "IPv4-Private-172.16.0.0-12",
"Overridable": false,
"Description": " ",
"Value": "172.16.0.0/12",
"ID": "b7a78a7d-20c5-47b2-b02f-86b4360112ac"
},
{
"Name": "IPv4-Private-192.168.0.0-16",
"Overridable": false,
"Description": " ",
"Value": "192.168.0.0/16",
"ID": "1dcefdd8-07f7-438a-9221-97d63710614e"
},
{
"Name": "IPv6-IPv4-Mapped",
"Overridable": false,
"Description": " ",
"Value": "::ffff:0.0.0.0/96",
"ID": "1047b91f-db3a-45b8-9c10-f48ed3f0c3d6"
},
{
"Name": "IPv6-Link-Local",
"Overridable": false,
"Description": " ",
"Value": "fe80::/10",
"ID": "192c14f2-39d9-409d-81e9-357793bdf1ec"
},
{
"Name": "IPv6-Private-Unique-Local-Addresses",
"Overridable": false,
"Description": " ",
"Value": "fc00::/7",
"ID": "0434674f-87f8-4e17-810e-97100407858b"
},
{
"Name": "IPv6-to-IPv4-Relay-Anycast",
"Overridable": false,
"Description": " ",
"Value": "192.88.99.0/24",
"ID": "04ea3f1f-f5a9-4eca-b051-487ebeb4c97f"
},
{
"Name": "n5n",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053215"
},
{
"Name": "nn",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053196"
},
{
"Name": "nnkn",
"Overridable": false,
"Description": "jjj",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053177"
},
{
"Name": "nnn",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053149"
},
{
"Name": "playbookTest",
"Overridable": false,
"Description": "my",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-133143990065"
},
{
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
},
{
"Name": "rrr",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-124554056653"
}
]
}
Human Readable Output

Cisco Firepower - List network objects:

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-12455405326101.0.0.0/24false
000C29A8-BA3B-0ed3-0000-12455405328911.0.0.0/24false
000C29A8-BA3B-0ed3-0000-12455405330821.0.0.0/24false
cb7116e8-66a6-480b-8f9b-295191a0940aany-ipv40.0.0.0/0false
000C29A8-BA3B-0ed3-0000-124554061004demo110.0.0.0/10false
000C29A8-BA3B-0ed3-0000-030064772538Internal-LAN-Network192.168.1.0/24false
86caab8a-9bdd-420d-858b-5690fde8ce58IPv4-Benchmark-Tests198.18.0.0/15false
f0ce41ae-6ee9-4e00-8762-da9370c4fee5IPv4-Link-Local169.254.0.0/16false
5622db1c-5cd5-4199-a4c8-d8f86dec3bd4IPv4-Multicast224.0.0.0/4false
95916354-5aa1-4057-8eea-b42a5a207abcIPv4-Private-10.0.0.0-810.0.0.0/8false
b7a78a7d-20c5-47b2-b02f-86b4360112acIPv4-Private-172.16.0.0-12172.16.0.0/12false
1dcefdd8-07f7-438a-9221-97d63710614eIPv4-Private-192.168.0.0-16192.168.0.0/16false
1047b91f-db3a-45b8-9c10-f48ed3f0c3d6IPv6-IPv4-Mapped::ffff:0.0.0.0/96false
192c14f2-39d9-409d-81e9-357793bdf1ecIPv6-Link-Localfe80::/10false
0434674f-87f8-4e17-810e-97100407858bIPv6-Private-Unique-Local-Addressesfc00::/7false
04ea3f1f-f5a9-4eca-b051-487ebeb4c97fIPv6-to-IPv4-Relay-Anycast192.88.99.0/24false
000C29A8-BA3B-0ed3-0000-124554053215n5n1.0.0.0/24false
000C29A8-BA3B-0ed3-0000-124554053196nn1.0.0.0/24false
000C29A8-BA3B-0ed3-0000-124554053177nnkn1.0.0.0/24falsejjj
000C29A8-BA3B-0ed3-0000-124554053149nnn1.0.0.0/24false
000C29A8-BA3B-0ed3-0000-133143990065playbookTest10.0.0.0/22falsemy
000C29A8-BA3B-0ed3-0000-124554053327playbookTestUpdate10.0.0.0/23truemy
000C29A8-BA3B-0ed3-0000-124554056653rrr10.0.0.0/22false

5. ciscofp-create-network-object


Creates a network object.

Base Command

ciscofp-create-network-object

Input
Argument NameDescriptionRequired
nameThe name of the new object.Required
valueCIDRRequired
descriptionThe object description.Optional
overridableBoolean indicating whether objects can be overridden. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
CiscoFP.Network.IDStringID of network object.
CiscoFP.Network.NameStringName of network object.
CiscoFP.Network.ValueStringCIDR.
CiscoFP.Network.OverridableStringBoolean indicating whether the object can be overridden.
CiscoFP.Network.DescriptionStringDescription of the network object.
Command Example

!ciscofp-create-network-object name=newTest232 value=10.0.0.0/22 description=test overridable=false

Context Example
{
"CiscoFP.Network": {
"Name": "newTest232",
"Overridable": false,
"Description": "test",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-133143990579"
}
}
Human Readable Output

Cisco Firepower - network object has been created.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-133143990579newTest23210.0.0.0/22falsetest

6. ciscofp-update-network-object


Updates the specified network object.

Base Command

ciscofp-update-network-object

Input
Argument NameDescriptionRequired
idID of the object to update.Required
nameThe object name.Required
valueCIDRRequired
descriptionThe object description.Optional
overridableBoolean indicating whether the object can be overridden.Optional
Context Output
PathTypeDescription
CiscoFP.Network.IDStringID of the network object.
CiscoFP.Network.NameStringName of the network object.
CiscoFP.Network.ValueStringCIDR.
CiscoFP.Network.OverridableStringBoolean indicating whether the object can be overridden.
CiscoFP.Network.DescriptionStringDescription of the network object.
Command Example

!ciscofp-update-network-object id=000C29A8-BA3B-0ed3-0000-124554053327 name=playbookTestUpdate value=10.0.0.0/23 description=my playbook test overridable=true

Context Example
{
"CiscoFP.Network": {
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
}
}
Human Readable Output

Cisco Firepower - network object has been updated.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-124554053327playbookTestUpdate10.0.0.0/23truemy

7. ciscofp-get-network-groups-object


Retrieves the groups of network objects and addresses associated with the specified ID. If not supplied, retrieves a list of all network objects.

Base Command

ciscofp-get-network-groups-object

Input
Argument NameDescriptionRequired
idID of the object group for which to return groups and addresses.Optional
limitThe number of items to return. The default is 50.Optional
offsetIndex of the first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.NetworkGroups.IDStringThe group ID.
CiscoFP.NetworkGroups.NameStringThe group name.
CiscoFP.NetworkGroups.OverridableStringBoolean indicating whether the object can be overridden.
CiscoFP.NetworkGroups.DescriptionStringThe group description.
CiscoFP.NetworkGroups.Addresses.ValueStringIP address / CIDR range.
CiscoFP.NetworkGroups.Addresses.TypeStringThe address type.
CiscoFP.NetworkGroups.Objects.NameStringThe object name.
CiscoFP.NetworkGroups.Objects.IDStringThe object ID.
CiscoFP.NetworkGroups.Objects.TypeStringThe object type.
Command Example

!ciscofp-get-network-groups-object

Context Example
{
"CiscoFP.NetworkGroups": [
{
"Name": "any",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "69fa2a3a-4487-4e3c-816f-4098f684826e",
"Addresses": [
{
"Type": "Network",
"Value": "0.0.0.0/0"
},
{
"Type": "Host",
"Value": "::/0"
}
]
},
{
"Name": "arseny_group",
"Overridable": false,
"Objects": [
{
"Type": "Host",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144",
"Name": "playbookTestUpdate2"
},
{
"Type": "Network",
"ID": "0434674f-87f8-4e17-810e-97100407858b",
"Name": "IPv6-Private-Unique-Local-Addresses"
},
{
"Type": "Network",
"ID": "1047b91f-db3a-45b8-9c10-f48ed3f0c3d6",
"Name": "IPv6-IPv4-Mapped"
}
],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554052162",
"Addresses": []
},
{
"Name": "ee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
},
{
"Name": "eee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053489",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
},
{
"Name": "IPv4-Private-All-RFC1918",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "15b12b14-dace-4117-b9d9-a9a7dcfa356f",
"Addresses": [
{
"Type": "Network",
"Value": "10.0.0.0/8"
},
{
"Type": "Network",
"Value": "172.16.0.0/12"
},
{
"Type": "Network",
"Value": "192.168.0.0/16"
}
]
}
]
}
Human Readable Output

Cisco Firepower - List of network groups object:

IDNameOverridableDescriptionAddressesObjects
69fa2a3a-4487-4e3c-816f-4098f684826eanyfalse20
000C29A8-BA3B-0ed3-0000-124554052162arseny_groupfalse03
000C29A8-BA3B-0ed3-0000-124554053470eefalse20
000C29A8-BA3B-0ed3-0000-124554053489eeefalse20
15b12b14-dace-4117-b9d9-a9a7dcfa356fIPv4-Private-All-RFC1918false30

8. ciscofp-create-network-groups-objects


Creates a group of network objects.

Base Command

ciscofp-create-network-groups-objects

Input
Argument NameDescriptionRequired
nameThe group name.Required
network_objects_id_listA comma-separated list of object IDs to add to the group.Optional
network_address_listA comma-separated list of IP addresses or CIDR ranges to add the group.Optional
descriptionThe object description.Optional
overridableBoolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
CiscoFP.NetworkGroups.IDStringThe group ID.
CiscoFP.NetworkGroups.NameStringThe group name.
CiscoFP.NetworkGroups.OverridableStringBoolean indicating whether the object can be overridden.
CiscoFP.NetworkGroups.DescriptionStringThe group description.
CiscoFP.NetworkGroups.Addresses.ValueStringIP address or CIDR range.
CiscoFP.NetworkGroups.Addresses.TypeStringThe address type.
CiscoFP.NetworkGroups.Objects.NameStringThe object name.
CiscoFP.NetworkGroups.Objects.IDStringThe object ID.
CiscoFP.NetworkGroups.Objects.TypeStringThe object type.
Command Example

!ciscofp-create-network-groups-objects name=playbookTest3 network_address_list=8.8.8.8,4.4.4.4 description=my playbook test overridable=true

Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "playbookTest3",
"Overridable": true,
"Objects": [],
"Description": "my",
"ID": "000C29A8-BA3B-0ed3-0000-133143990785",
"Addresses": [
{
"Type": "Host",
"Value": "8.8.8.8"
},
{
"Type": "Host",
"Value": "4.4.4.4"
}
]
}
}
Human Readable Output

Cisco Firepower - network group has been created.

IDNameOverridableDescriptionAddressesObjects
000C29A8-BA3B-0ed3-0000-133143990785playbookTest3truemy20

9. ciscofp-update-network-groups-objects


Updates a group of network objects.

Base Command

ciscofp-update-network-groups-objects

Input
Argument NameDescriptionRequired
idThe ID of the group to update.Required
network_objects_id_listA comma-separated list of object IDs to add the group.Optional
network_address_listA comma-separated list of IP addresses or CIDR ranges to add the group.Optional
descriptionThe new description for the object.Optional
overridableBoolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false".Optional
nameThe group name.Required
Context Output
PathTypeDescription
CiscoFP.NetworkGroups.IDStringThe group ID.
CiscoFP.NetworkGroups.NameStringThe group name.
CiscoFP.NetworkGroups.OverridableStringBoolean indicating whether objects can be overridden.
CiscoFP.NetworkGroups.DescriptionStringThe group description.
CiscoFP.NetworkGroups.Addresses.ValueStringIP address or CIDR range.
CiscoFP.NetworkGroups.Addresses.TypeStringThe address type.
CiscoFP.NetworkGroups.Objects.NameStringThe object name.
CiscoFP.NetworkGroups.Objects.IDStringThe object ID.
CiscoFP.NetworkGroups.Objects.TypeStringThe object type.
Command Example

!ciscofp-update-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053470 network_address_list=1.2.3.4,1.2.3.5 description=my playbook test overridable=true name=rrrff

Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "rrrff",
"Overridable": true,
"Objects": [],
"Description": "my",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
}
}
Human Readable Output

Cisco Firepower - network group has been updated.

IDNameOverridableDescriptionAddressesObjects
000C29A8-BA3B-0ed3-0000-124554053470rrrfftruemy20

10. ciscofp-delete-network-groups-objects


Deletes a group of network objects.

Base Command

ciscofp-delete-network-groups-objects

Input
Argument NameDescriptionRequired
idID of the object to delete.Required
Context Output
PathTypeDescription
CiscoFP.NetworkGroups.IDStringThe group ID.
CiscoFP.NetworkGroups.NameStringThe group name.
CiscoFP.NetworkGroups.OverridableStringBoolean indicating whether object values can be overridden.
CiscoFP.NetworkGroups.DescriptionStringThe group description.
CiscoFP.NetworkGroups.Addresses.ValueStringIP address or CIDR range.
CiscoFP.NetworkGroups.Addresses.TypeStringThe address type.
CiscoFP.NetworkGroups.Objects.NameStringThe object name
CiscoFP.NetworkGroups.Objects.IDStringThe object ID.
CiscoFP.NetworkGroups.Objects.TypeStringThe object type.
Command Example

!ciscofp-delete-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053489

Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "eee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053489",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
}
}
Human Readable Output

Cisco Firepower - network group - 000C29A8-BA3B-0ed3-0000-124554053489 - has been delete.

IDNameOverridableDescriptionAddressesObjects
000C29A8-BA3B-0ed3-0000-124554053489eeefalse20

11. ciscofp-get-host-object


Retrieves the groups of host objects associated with the specified ID. If no ID is passed, the input ID retrieves a list of all network objects.

Base Command

ciscofp-get-host-object

Input
Argument NameDescriptionRequired
object_idID of the object for which to retrieve host objects.Optional
limitNumber of items to return. The default is 50Optional
offsetIndex of the first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Host.IDStringID of the host object.
CiscoFP.Host.NameStringName of host object.
CiscoFP.Host.ValueStringThe IP address.
CiscoFP.Host.OverridableStringBoolean indicating whether object values can be overridden.
CiscoFP.Host.DescriptionStringA description of the host object.
Command Example

!ciscofp-get-host-object

Context Example
{
"CiscoFP.Host": [
{
"Name": "any-ipv6",
"Overridable": false,
"Description": " ",
"Value": "::/0",
"ID": "dde11d62-288b-4b4c-92e0-1dad0496f14b"
},
{
"Name": "playbookTest2",
"Overridable": false,
"Description": "my",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990104"
},
{
"Name": "playbookTestUpdate2",
"Overridable": true,
"Description": "my",
"Value": "1.2.3.5",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144"
},
{
"Name": "SyslogServer",
"Overridable": false,
"Description": " ",
"Value": "10.8.51.161",
"ID": "000C29A8-BA3B-0ed3-0000-103079216589"
}
]
}
Human Readable Output

Cisco Firepower - List host objects:

IDNameValueOverridableDescription
dde11d62-288b-4b4c-92e0-1dad0496f14bany-ipv6::/0false
000C29A8-BA3B-0ed3-0000-133143990104playbookTest21.2.3.4falsemy
000C29A8-BA3B-0ed3-0000-124554052144playbookTestUpdate21.2.3.5truemy
000C29A8-BA3B-0ed3-0000-103079216589SyslogServer10.8.51.161false

12. ciscofp-create-host-object


Creates a host object.

Base Command

ciscofp-create-host-object

Input
Argument NameDescriptionRequired
nameThe name of the new object.Required
valueThe IP address.Required
descriptionA description of the new object.Optional
overridableBoolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
CiscoFP.Host.IDStringID of the host object.
CiscoFP.Host.NameStringName of the host object.
CiscoFP.Host.ValueStringThe IP address.
CiscoFP.Host.OverridableStringBoolean indicating whether object values can be overridden.
CiscoFP.Host.DescriptionStringDescription of the host object.
Command Example

!ciscofp-create-host-object name=newTest322 value=1.2.3.4 description=test overridable=false

Context Example
{
"CiscoFP.Host": {
"Name": "newTest322",
"Overridable": false,
"Description": "test",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990598"
}
}
Human Readable Output

Cisco Firepower - host object has been created.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-133143990598newTest3221.2.3.4falsetest

13. ciscofp-update-host-object


Updates the specified host object.

Base Command

ciscofp-update-host-object

Input
Argument NameDescriptionRequired
idID of the object to update.Required
nameName of the object.Required
valueThe IP address.Required
descriptionDescription of the object.Optional
overridableBoolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false".Optional
Context Output
PathTypeDescription
CiscoFP.Host.IDStringID of the host object.
CiscoFP.Host.NameStringName of the host object.
CiscoFP.Host.ValueStringThe IP address.
CiscoFP.Host.OverridableStringBoolean indicating whether object values can be overridden.
CiscoFP.Host.DescriptionStringDescription of the host object.
Command Example

!ciscofp-update-host-object id=000C29A8-BA3B-0ed3-0000-124554052144 name=playbookTestUpdate2 value=1.2.3.5 description=my playbook test overridable=true

Context Example
{
"CiscoFP.Host": {
"Name": "playbookTestUpdate2",
"Overridable": true,
"Description": "my",
"Value": "1.2.3.5",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144"
}
}
Human Readable Output

Cisco Firepower - host object has been updated.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-124554052144playbookTestUpdate21.2.3.5truemy

14. ciscofp-delete-network-object


Deletes the specified network object.

Base Command

ciscofp-delete-network-object

Input
Argument NameDescriptionRequired
idID of the object to delete.Required
Context Output
PathTypeDescription
CiscoFP.Network.IDStringID of the network object.
CiscoFP.Network.NameStringName of the network object.
CiscoFP.Network.ValueStringCISR range.
CiscoFP.Network.OverridableStringBoolean indicating whether object values can be overridden.
CiscoFP.Network.DescriptionStringDescription of the network object.
Command Example

!ciscofp-delete-network-object id=000C29A8-BA3B-0ed3-0000-124554053327

Context Example
{
"CiscoFP.Network": {
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
}
}
Human Readable Output

Cisco Firepower - network object has been deleted.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-124554053327playbookTestUpdate10.0.0.0/23truemy

15. ciscofp-delete-host-object


Deletes the specified host object.

Base Command

ciscofp-delete-host-object

Input
Argument NameDescriptionRequired
idID of the host object to delete.Required
Context Output
PathTypeDescription
CiscoFP.Host.IDStringID of the host object.
CiscoFP.Host.NameStringName of the host object.
CiscoFP.Host.ValueStringCIDR range.
CiscoFP.Host.OverridableStringWhether the object can be overridden.
CiscoFP.Host.DescriptionStringDescription of the host object.
Command Example

!ciscofp-delete-host-object id=000C29A8-BA3B-0ed3-0000-133143990598

Context Example
{
"CiscoFP.Host": {
"Name": "newTest322",
"Overridable": false,
"Description": "test",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990598"
}
}
Human Readable Output

Cisco Firepower - host object has been deleted.

IDNameValueOverridableDescription
000C29A8-BA3B-0ed3-0000-133143990598newTest3221.2.3.4falsetest

16. ciscofp-get-access-policy


Retrieves the access control policy associated with the specified ID. If no access policy ID is passed, all access control policies are returned.

Base Command

ciscofp-get-access-policy

Input
Argument NameDescriptionRequired
idID of the access policy.Optional
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.Policy.IDStringThe policy ID.
CiscoFP.Policy.NameStringThe name of the policy.
CiscoFP.Policy.DefaultActionIDStringThe default action ID of the policy.
Command Example

!ciscofp-get-access-policy

Context Example
{
"CiscoFP.Policy": [
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444674",
"ID": "000C29A8-BA3B-0ed3-0000-133143987627",
"Name": "BPS tst"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268440576",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Name": "Performance Test Policy without AMP"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444676",
"ID": "000C29A8-BA3B-0ed3-0000-133143990165",
"Name": "playbookTest4"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268443677",
"ID": "000C29A8-BA3B-0ed3-0000-124554066053",
"Name": "to test"
}
]
}
Human Readable Output

Cisco Firepower - List access policy:

IDNameDefaultActionID
000C29A8-BA3B-0ed3-0000-133143987627BPS tst000C29A8-BA3B-0ed3-0000-000268444674
000C29A8-BA3B-0ed3-0000-085899346038Performance Test Policy without AMP000C29A8-BA3B-0ed3-0000-000268440576
000C29A8-BA3B-0ed3-0000-133143990165playbookTest4000C29A8-BA3B-0ed3-0000-000268444676
000C29A8-BA3B-0ed3-0000-124554066053to test000C29A8-BA3B-0ed3-0000-000268443677

17. ciscofp-create-access-policy


Creates an access control policy.

Base Command

ciscofp-create-access-policy

Input
Argument NameDescriptionRequired
nameThe name of the new access policy.Required
actionThe action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY".Required
Context Output
PathTypeDescription
CiscoFP.Policy.IDStringThe policy ID.
CiscoFP.Policy.NameStringThe name of the policy.
CiscoFP.Policy.DefaultActionIDStringThe default action ID of the policy.
Command Example

!ciscofp-create-access-policy name=newTest232 action=BLOCK

Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "",
"ID": "000C29A8-BA3B-0ed3-0000-133143990627",
"Name": "newTest232"
}
}
Human Readable Output

Cisco Firepower - access policy has been created.

IDNameDefaultActionID
000C29A8-BA3B-0ed3-0000-133143990627newTest232

18. ciscofp-update-access-policy


Updates the specified access control policy.

Base Command

ciscofp-update-access-policy

Input
Argument NameDescriptionRequired
nameThe access policy name.Required
idID of the access policy.Required
default_action_idID of the default action.Required
actionThe action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY".Required
Context Output
PathTypeDescription
CiscoFP.Policy.IDStringThe policy ID.
CiscoFP.Policy.NameStringThe name of the policy.
CiscoFP.Policy.DefaultActionIDStringThe default action ID of the policy.
Command Example

!ciscofp-update-access-policy action=BLOCK default_action_id=000C29A8-BA3B-0ed3-0000-000268444682 name=jj id=000C29A8-BA3B-0ed3-0000-133143991123

Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444682",
"ID": "000C29A8-BA3B-0ed3-0000-133143991123",
"Name": "jj"
}
}
Human Readable Output

Cisco Firepower - access policy has been updated.

IDNameDefaultActionID
000C29A8-BA3B-0ed3-0000-133143991123jj000C29A8-BA3B-0ed3-0000-000268444682

19. ciscofp-delete-access-policy


Deletes the specified access control policy.

Base Command

ciscofp-delete-access-policy

Input
Argument NameDescriptionRequired
idID of the access policy.Required
Context Output
PathTypeDescription
CiscoFP.Policy.IDStringThe policy ID.
CiscoFP.Policy.NameStringThe name of the policy.
CiscoFP.Policy.DefaultActionIDStringThe default action ID of the policy.
Command Example

!ciscofp-delete-access-policy id=000C29A8-BA3B-0ed3-0000-133143990869

Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444680",
"ID": "000C29A8-BA3B-0ed3-0000-133143990869",
"Name": "qq"
}
}
Human Readable Output

Cisco Firepower - access policy deleted.

IDNameDefaultActionID
000C29A8-BA3B-0ed3-0000-133143990869qq000C29A8-BA3B-0ed3-0000-000268444680

20. ciscofp-list-security-group-tags


Retrieves a list of all custom security group tag objects.

Base Command

ciscofp-list-security-group-tags

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.SecurityGroupTags.IDStringID of security group tag.
CiscoFP.SecurityGroupTags.NameStringName of security group tag.
CiscoFP.SecurityGroupTags.TagNumberThe tag number.
Command Example

!ciscofp-list-security-group-tags

Context Example
{
"CiscoFP.SecurityGroupTags": [
{
"Tag": 1000,
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
},
{
"Tag": 65535,
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
}
]
}
Human Readable Output

Cisco Firepower - List security group tags:

IDNameTag
8d9813aa-32c1-11ea-9d47-eda81976c864sample_tag1000
5fce8cce-aa67-11e5-816b-95eb712b72a1ANY65535

21. ciscofp-list-ise-security-group-tag


Retrieves a list of all ISE security group tag objects.

Base Command

ciscofp-list-ise-security-group-tag

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.SecurityGroupTags.IDStringID of security group tag.
CiscoFP.SecurityGroupTags.NameStringName of security group tag.
CiscoFP.SecurityGroupTags.TagNumberThe tag number.
Command Example

!ciscofp-list-ise-security-group-tags

Context Example
{
"CiscoFP.IseSecurityGroupTags": [
{
"Tag": 1000,
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
},
{
"Tag": 65535,
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
}
]
}
Human Readable Output

Cisco Firepower - List ise security group tags:

IDNameTag
8d9813aa-32c1-11ea-9d47-eda81976c864sample_tag1000
5fce8cce-aa67-11e5-816b-95eb712b72a1ANY65535

22. ciscofp-list-vlan-tags


Retrieves a list of all vlantag objects.

Base Command

ciscofp-list-vlan-tags

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.VlanTags.IDStringID of the vlan tag.
CiscoFP.VlanTags.NameStringName of the vlan tag.
CiscoFP.VlanTags.OverridableBooleanBoolean indicating whether object values can be overridden.
CiscoFP.VlanTags.DescriptionStringDescription of the vlan tag.
CiscoFP.VlanTags.StartTagNumberStart tag number.
CiscoFP.VlanTags.EndTagNumberEnd tag number.
Command Example

!ciscofp-list-vlan-tags

Context Example
{
"CiscoFP.VlanTags": [
{
"StartTag": 2013,
"Name": "aaaa",
"EndTag": 2013,
"Overridable": false,
"ID": "000C29A8-BA3B-0ed3-0000-124554052529",
"Description": " "
}
]
}
Human Readable Output

Cisco Firepower - List vlan tags:

IDNameOverridableDescriptionStartTagEndTag
000C29A8-BA3B-0ed3-0000-124554052529aaaafalse20132013

23. ciscofp-list-vlan-tags-group


Retrieves a list of all vlan group tag objects.

Base Command

ciscofp-list-vlan-tags-group

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.VlanTagsGroup.NameStringName of the group.
CiscoFP.VlanTagsGroup.IDStringID of the group.
CiscoFP.VlanTagsGroup.DescriptionStringDescription of the object.
CiscoFP.VlanTagsGroup.OverridableBooleanBoolean indicating whether object values can be overridden.
CiscoFP.VlanTagsGroup.Objects.NameStringName of the object.
CiscoFP.VlanTagsGroup.Objects.IDStringID of the object.
CiscoFP.VlanTagsGroup.Objects.DescriptionStringDescription of the vlan tag.
CiscoFP.VlanTagsGroup.Objects.OverridableBooleanBoolean indicating whether object values can be overridden.
CiscoFP.VlanTagsGroup.Objects.StartTagNumberStart tag number.
CiscoFP.VlanTagsGroup.Objects.EndTagNumberEnd tag number.
Command Example

!ciscofp-list-vlan-tags-group

Context Example
{
"CiscoFP.VlanTagsGroup": [
{
"Name": "forPlaybookTest",
"Objects": [],
"Overridable": false,
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554057022"
}
]
}
Human Readable Output

Cisco Firepower - List of vlan tags groups objects:

IDNameOverridableDescriptionObjects
000C29A8-BA3B-0ed3-0000-124554057022forPlaybookTestfalse0

24. ciscofp-list-applications


Retrieves a list of all application objects.

Base Command

ciscofp-list-applications

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0Optional
Context Output
PathTypeDescription
CiscoFP.Applications.NameStringName of the application.
CiscoFP.Applications.IDStringID of the application.
CiscoFP.Applications.RiskStringRisk of the application.
CiscoFP.Applications.AppProductivityStringAppProductivity of the application.
CiscoFP.Applications.ApplicationTypesStringThe application type.
CiscoFP.Applications.AppCategories.IDStringAppCategory ID.
CiscoFP.Applications.AppCategories.NameStringAppCategory name.
CiscoFP.Applications.AppCategories.CountStringAppCategory count.
Command Example

!ciscofp-list-applications

Context Example
{
"CiscoFP.Applications": [
{
"AppCategories": [
{
"Count": 179,
"ID": "80",
"Name": "mobile application"
},
{
"Count": 59,
"ID": "85",
"Name": "VoIP"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2325",
"Name": "050plus"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1553",
"Name": "1&1 Internet"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "535",
"Name": "1-800-Flowers"
},
{
"AppCategories": [
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "3715",
"Name": "1000mercis"
},
{
"AppCategories": [
{
"Count": 52,
"ID": "82",
"Name": "peer to peer"
}
],
"Risk": "Very High",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Server"
}
],
"ID": "536",
"Name": "100Bao"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1205",
"Name": "12306.cn"
},
{
"AppCategories": [
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4164",
"Name": "123Movies"
},
{
"AppCategories": [
{
"Count": 69,
"ID": "44",
"Name": "email"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1206",
"Name": "126.com"
},
{
"AppCategories": [
{
"Count": 199,
"ID": "37",
"Name": "social networking"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2385",
"Name": "17173.com"
},
{
"AppCategories": [
{
"Count": 155,
"ID": "3",
"Name": "remote file storage"
},
{
"Count": 234,
"ID": "17",
"Name": "business"
},
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4165",
"Name": "1fichier"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2346",
"Name": "2345.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2493",
"Name": "24/7 Media"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2492",
"Name": "247 Inc."
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "537",
"Name": "2channel"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Medium",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1781",
"Name": "2Leep"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 234,
"ID": "17",
"Name": "business"
},
{
"Count": 199,
"ID": "37",
"Name": "social networking"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2419",
"Name": "33Across"
},
{
"AppCategories": [
{
"Count": 61,
"ID": "34",
"Name": "security management"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "3866",
"Name": "360 Safeguard"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 12,
"ID": "121",
"Name": "healthcare services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1207",
"Name": "39.net"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3000",
"Name": "3Com AMP3"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "2",
"Name": "3COM-TSMUX"
},
{
"AppCategories": [
{
"Count": 160,
"ID": "20",
"Name": "gaming"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1256",
"Name": "4399.com"
},
{
"AppCategories": [
{
"Count": 104,
"ID": "40",
"Name": "instant messaging"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "1079",
"Name": "4chan"
},
{
"AppCategories": [
{
"Count": 155,
"ID": "3",
"Name": "remote file storage"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "948",
"Name": "4shared"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 179,
"ID": "80",
"Name": "mobile application"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "1654",
"Name": "500px"
},
{
"AppCategories": [
{
"Count": 199,
"ID": "37",
"Name": "social networking"
}
],
"Risk": "Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1032",
"Name": "51.com"
},
{
"AppCategories": [
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1031",
"Name": "56.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1649",
"Name": "58 City"
},
{
"AppCategories": [
{
"Count": 95,
"ID": "53",
"Name": "multimedia (other)"
},
{
"Count": 117,
"ID": "60",
"Name": "multimedia (music/audio)"
}
],
"Risk": "Medium",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "2218",
"Name": "5by5 Radio"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "538",
"Name": "6.pm"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "959",
"Name": "7digital"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "4",
"Name": "914CG"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
},
{
"Count": 95,
"ID": "53",
"Name": "multimedia (other)"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4167",
"Name": "9Gag"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Server"
}
],
"ID": "1087",
"Name": "9P"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 160,
"ID": "20",
"Name": "gaming"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "920",
"Name": "9p.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "1389",
"Name": "ABC"
},
{
"AppCategories": [
{
"Count": 29,
"ID": "88",
"Name": "web spider/search crawler"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
}
],
"ID": "2205",
"Name": "Abonti"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1167",
"Name": "About.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4168",
"Name": "ABS-CBN"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Very High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "5",
"Name": "ACA Services"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3024",
"Name": "ACAP"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3001",
"Name": "Access Network"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3002",
"Name": "AccessBuilder"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1533",
"Name": "AccuWeather"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "539",
"Name": "Ace Hardware Corporation"
},
{
"AppCategories": [
{
"Count": 234,
"ID": "17",
"Name": "business"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2146",
"Name": "Acer"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "High",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4169",
"Name": "AcFun"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "6",
"Name": "ACI"
},
{
"AppCategories": [
{
"Count": 54,
"ID": "23",
"Name": "search engine"
},
{
"Count": 29,
"ID": "88",
"Name": "web spider/search crawler"
}
],
"Risk": "Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "2219",
"Name": "Acoon.de"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "7",
"Name": "ACR-NEMA"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1322",
"Name": "Acrobat.com"
}
]
}
Human Readable Output

Cisco Firepower - List of applications objects:

IDNameRiskAppProductivityApplicationTypesAppCategories
2325050plusMediumMedium22
15531&1 InternetVery LowLow12
5351-800-FlowersLowVery Low11
37151000mercisLowVery Low11
536100BaoVery HighVery Low21
120512306.cnVery LowHigh12
4164123MoviesMediumVery Low21
1206126.comVery LowHigh11
238517173.comMediumVery Low21
41651fichierLowMedium23
23462345.comVery LowMedium11
249324/7 MediaVery LowVery Low13
2492247 Inc.Very LowVery Low13
5372channelLowVery Low21
17812LeepMediumLow11
241933AcrossVery LowMedium24
3866360 SafeguardLowHigh11
120739.netVery LowHigh12
30003Com AMP3MediumMedium11
23COM-TSMUXVery LowHigh11
12564399.comMediumVery Low11
10794chanMediumVery Low21
9484sharedLowHigh21
1654500pxVery LowLow22
103251.comLowLow11
103156.comLowVery Low11
164958 CityVery LowLow12
22185by5 RadioMediumLow22
5386.pmLowVery Low11
9597digitalVery LowLow11
4914CGVery LowMedium11
41679GagMediumVery Low22
10879PVery LowHigh21
9209p.comMediumVery Low13
1389ABCMediumVery Low23
2205AbontiLowVery Low11
1167About.comVery LowMedium11
4168ABS-CBNVery LowHigh23
5ACA ServicesVery LowVery High11
3024ACAPMediumMedium11
3001Access NetworkMediumMedium11
3002AccessBuilderMediumMedium11
1533AccuWeatherVery LowLow13
539Ace Hardware CorporationLowVery Low11
2146AcerVery LowHigh11
4169AcFunHighVery Low22
6ACIVery LowMedium11
2219Acoon.deLowLow22
7ACR-NEMALowHigh11
1322Acrobat.comLowHigh11

25. ciscofp-get-access-rules


Retrieves the access control rule associated with the specified policy ID and rule ID. If no rule ID is specified, retrieves a list of all access rules associated with the specified policy ID.

Base Command

ciscofp-get-access-rules

Input
Argument NameDescriptionRequired
policy_idPolicy ID.Required
rule_idRule ID.Optional
Context Output
PathTypeDescription
CiscoFP.Rule.ActionStringRule action.
CiscoFP.Rule.Applications.IDStringApplication object ID.
CiscoFP.Rule.Applications.NameStringApplication object name.
CiscoFP.Rule.CategoryStringCategory of rule.
CiscoFP.Rule.DestinationNetworks.Addresses.TypeStringAddress type.
CiscoFP.Rule.DestinationNetworks.Addresses.ValueStringIP address or CIDR range.
CiscoFP.Rule.DestinationNetworks.Objects.IDStringObject ID.
CiscoFP.Rule.DestinationNetworks.Objects.NameStringObject name.
CiscoFP.Rule.DestinationNetworks.Objects.TypeStringObject type.
CiscoFP.Rule.DestinationPorts.Addresses.PortStringPort number.
CiscoFP.Rule.DestinationPorts.Addresses.ProtocolStringPort protocol.
CiscoFP.Rule.DestinationPorts.Objects.IDStringPort object ID.
CiscoFP.Rule.DestinationPorts.Objects.NameStringPort object name.
CiscoFP.Rule.DestinationPorts.Objects.ProtocolStringPort object protocol.
CiscoFP.Rule.DestinationPorts.Objects.TypeStringPort object type.
CiscoFP.Rule.DestinationZones.Objects.IDStringZone ID.
CiscoFP.Rule.DestinationZones.Objects.NameStringZone name.
CiscoFP.Rule.DestinationZones.Objects.TypeStringZone type.
CiscoFP.Rule.EnabledNumberWhether the rule is enabled.
CiscoFP.Rule.IDStringRule ID.
CiscoFP.Rule.NameStringRule name.
CiscoFP.Rule.RuleIndexNumberThe index of the rule.
CiscoFP.Rule.SectionStringThe section of the rule.
CiscoFP.Rule.SendEventsToFMCNumberBoolean indicating whether the device will send events to Cisco Firepower.
CiscoFP.Rule.SourceNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.SourceNetworks.Addresses.ValueStringIP address or CIDR range.
CiscoFP.Rule.SourceNetworks.Objects.IDStringObject ID.
CiscoFP.Rule.SourceNetworks.Objects.NameStringObject name.
CiscoFP.Rule.SourceNetworks.Objects.TypeStringObject type.
CiscoFP.Rule.SourcePorts.Addresses.PortStringPort number.
CiscoFP.Rule.SourcePorts.Addresses.ProtocolStringPort protocol.
CiscoFP.Rule.SourcePorts.Objects.IDStringObject ID.
CiscoFP.Rule.SourcePorts.Objects.NameStringObject name.
CiscoFP.Rule.SourcePorts.Objects.ProtocolStringObject protocol.
CiscoFP.Rule.SourcePorts.Objects.TypeStringObject type.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.IDStringObject ID.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.NameStringObject name.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.TypeStringObject type.
CiscoFP.Rule.SourceZones.Objects.IDStringObject ID.
CiscoFP.Rule.SourceZones.Objects.NameStringObject name.
CiscoFP.Rule.SourceZones.Objects.TypeStringObject type.
CiscoFP.Rule.Urls.Addresses.URLStringURL address.
CiscoFP.Rule.Urls.Objects.IDStringURL object ID.
CiscoFP.Rule.Urls.Objects.NameStringURL object name.
CiscoFP.Rule.VlanTags.Numbers.EndTagNumberThe vlan tag number end tag.
CiscoFP.Rule.VlanTags.Numbers.StartTagNumberThe vlan tag number start tag.
CiscoFP.Rule.VlanTags.Objects.IDStringObject ID.
CiscoFP.Rule.VlanTags.Objects.NameStringObject name.
CiscoFP.Rule.VlanTags.Objects.TypeStringObject type.
Command Example

!ciscofp-get-access-rules policy_id=000C29A8-BA3B-0ed3-0000-085899346038

Context Example
{
"CiscoFP.Rule": [
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": true,
"ID": "000C29A8-BA3B-0ed3-0000-000268440577",
"Name": "IP Any Any Any"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 2,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268441600",
"Name": "test"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 3,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "BLOCK",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "10.0.0.5"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268442624",
"Name": "arseny_rule"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": [
{
"Type": "SecurityZone",
"ID": "6038978c-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Untrust"
},
{
"Type": "SecurityZone",
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
}
]
},
"DestinationZones": {
"Objects": [
{
"Type": "SecurityZone",
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
},
{
"Type": "SecurityZone",
"ID": "5884acce-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Trust"
}
]
},
"DestinationNetworks": {
"Objects": [
{
"Type": "NetworkGroup",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Name": "ee"
},
{
"Type": "Network",
"ID": "000C29A8-BA3B-0ed3-0000-124554053196",
"Name": "nn"
}
],
"Addresses": []
},
"DestinationPorts": {
"Objects": [
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834e50a-38bb-11e2-86aa-62f0c593a59a",
"Name": "TCP_high_ports"
},
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834c07a-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTPS"
}
],
"Addresses": [
{
"Protocol": "6",
"Port": "990"
}
]
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834bd00-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTPS"
},
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee",
"Name": "TELNET"
}
],
"Addresses": [
{
"Protocol": "6",
"Port": "900"
}
]
},
"RuleIndex": 4,
"VlanTags": {
"Objects": [
{
"Type": "VlanTag",
"ID": "000C29A8-BA3B-0ed3-0000-124554052529",
"Name": "aaaa"
}
],
"Numbers": [
{
"StartTag": 1300,
"EndTag": 1300
}
]
},
"Applications": [
{
"ID": "536",
"Name": "100Bao"
},
{
"ID": "3715",
"Name": "1000mercis"
},
{
"ID": "948",
"Name": "4shared"
},
{
"ID": "1087",
"Name": "9P"
}
],
"SourceSecurityGroupTags": {
"Objects": [
{
"Type": "SecurityGroupTag",
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
},
{
"Type": "SecurityGroupTag",
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
}
]
},
"Urls": {
"Objects": [
{
"ID": "60f4e2ab-d96c-44a0-bd38-830252b67077",
"Name": "URL CnC"
},
{
"ID": "3e2af68e-5fc8-4b1c-b5bc-b4e7cab5c9eb",
"Name": "URL Spam"
}
],
"Addresses": [
{
"URL": "www.ynet.co.il"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [
{
"Type": "Network",
"ID": "000C29A8-BA3B-0ed3-0000-124554053289",
"Name": "1"
},
{
"Type": "NetworkGroup",
"ID": "69fa2a3a-4487-4e3c-816f-4098f684826e",
"Name": "any"
},
{
"Type": "NetworkGroup",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Name": "ee"
}
],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268443649",
"Name": "mytest"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "8.8.8.2"
},
{
"Type": "Host",
"Value": "4.4.4.8"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 5,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "galitz.com"
},
{
"URL": "goog.com"
}
]
},
"Action": "BLOCK",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "10.0.0.1"
},
{
"Type": "Host",
"Value": "8.8.8.6"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268443653",
"Name": "newUpdateTest"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 6,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "www.google.com"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444677",
"Name": "playbookTest5"
}
]
}
Human Readable Output

Cisco Firepower - List of access rules:

IDNameActionEnabledSendEventsToFMCRuleIndexSectionCategoryUrlsVlanTagsSourceZonesApplicationsDestinationZonesSourceNetworksDestinationNetworksSourcePortsDestinationPortsSourceSecurityGroupTags
000C29A8-BA3B-0ed3-0000-000268440577IP Any Any AnyALLOWtruetrue1Mandatory--Undefined--0000000000
000C29A8-BA3B-0ed3-0000-000268441600testALLOWtruefalse2Mandatory--Undefined--0000000000
000C29A8-BA3B-0ed3-0000-000268442624arseny_ruleBLOCKtruefalse3Mandatory--Undefined--0000010000
000C29A8-BA3B-0ed3-0000-000268443649mytestALLOWtruefalse4Default--Undefined--3224232332
000C29A8-BA3B-0ed3-0000-000268443653newUpdateTestBLOCKfalsefalse5Default--Undefined--2000022000
000C29A8-BA3B-0ed3-0000-000268444677playbookTest5ALLOWtruefalse6Default--Undefined--1000011000

26. ciscofp-create-access-rules


Creates an access control rule.

Base Command

ciscofp-create-access-rules

Input
Argument NameDescriptionRequired
actionThe rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE".Required
rule_nameThe rule name.Required
enabledBoolean indicating whether to enable the access control rule.Optional
source_zone_object_idsA list of source zone object IDs. To get IDs use the ciscofp-list-zones command.Optional
policy_idThe policy ID in which to create the new rule.Required
destination_zone_object_idsA list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command.Optional
vlan_tag_object_idsA list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command.Optional
source_network_object_idsA list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command.Optional
source_network_addressesA list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively.Optional
destination_network_object_idsA list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively.Optional
destination_network_addressesA list of destination addresses.Optional
source_port_object_idsA list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands.Optional
destination_port_object_idsA list of port object IDs. To get IDs, use the ciscofp-list-ports command.Optional
source_security_group_tag_object_idsA list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command.Optional
application_object_idsA list of application object IDs. To get IDs, use the ciscofp-list-applications command.Optional
url_object_idsA list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command.Optional
url_addressesA list of URL addresses.Optional
Context Output
PathTypeDescription
CiscoFP.Rule.ActionStringThe action that determines how the system handles matching traffic.
CiscoFP.Rule.Applications.IDStringThe application object ID.
CiscoFP.Rule.Applications.NameStringThe application object name.
CiscoFP.Rule.CategoryStringThe category of rule.
CiscoFP.Rule.DestinationNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.DestinationNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.DestinationNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.DestinationNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.DestinationNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.DestinationPorts.Addresses.PortStringThe port number.
CiscoFP.Rule.DestinationPorts.Addresses.ProtocolStringThe port protocol.
CiscoFP.Rule.DestinationPorts.Objects.IDStringThe port object ID.
CiscoFP.Rule.DestinationPorts.Objects.NameStringThe port object name.
CiscoFP.Rule.DestinationPorts.Objects.ProtocolStringThe port object protocol.
CiscoFP.Rule.DestinationPorts.Objects.TypeStringThe port object type.
CiscoFP.Rule.DestinationZones.Objects.IDStringThe zone ID.
CiscoFP.Rule.DestinationZones.Objects.NameStringThe zone name.
CiscoFP.Rule.DestinationZones.Objects.TypeStringThe zone type.
CiscoFP.Rule.EnabledNumberBoolean indicating whether to enable the rule.
CiscoFP.Rule.IDStringThe rule ID.
CiscoFP.Rule.NameStringThe rule name.
CiscoFP.Rule.RuleIndexNumberThe index of the rule.
CiscoFP.Rule.SectionStringThe section of the rule.
CiscoFP.Rule.SendEventsToFMCNumberBoolean indicating whether the device will send events to Cisco Firepower.
CiscoFP.Rule.SourceNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.SourceNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.SourceNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.SourceNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.SourcePorts.Addresses.PortStringThe address port.
CiscoFP.Rule.SourcePorts.Addresses.ProtocolStringThe address protocol.
CiscoFP.Rule.SourcePorts.Objects.IDStringThe object ID.
CiscoFP.Rule.SourcePorts.Objects.NameStringThe object name.
CiscoFP.Rule.SourcePorts.Objects.ProtocolStringThe object protocol.
CiscoFP.Rule.SourcePorts.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.NameStringThe object name.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceZones.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceZones.Objects.NameStringThe object name.
CiscoFP.Rule.SourceZones.Objects.TypeStringThe object type.
CiscoFP.Rule.Urls.Addresses.URLStringThe URL address.
CiscoFP.Rule.Urls.Objects.IDStringThe URL object ID.
CiscoFP.Rule.Urls.Objects.NameStringThe URL object name.
CiscoFP.Rule.VlanTags.Numbers.EndTagNumberThe vlan tag number end tag.
CiscoFP.Rule.VlanTags.Numbers.StartTagNumberThe vlan tag number start tag.
CiscoFP.Rule.VlanTags.Objects.IDStringThe object ID.
CiscoFP.Rule.VlanTags.Objects.NameStringThe object name.
CiscoFP.Rule.VlanTags.Objects.TypeStringThe object type.
Command Example

!ciscofp-create-access-rules action=ALLOW rule_name=playbookTest5 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038

Human Readable Output### 26. ciscofp-create-access-rules

Creates an access control rule.

Base Command

ciscofp-create-access-rules

Input
Argument NameDescriptionRequired
actionThe rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE".Required
rule_nameThe rule name.Required
enabledBoolean indicating whether to enable the access control rule.Optional
source_zone_object_idsA list of source zone object IDs. To get IDs use the ciscofp-list-zones command.Optional
policy_idThe policy ID in which to create the new rule.Required
destination_zone_object_idsA list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command.Optional
vlan_tag_object_idsA list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command.Optional
source_network_object_idsA list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command.Optional
source_network_addressesA list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively.Optional
destination_network_object_idsA list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively.Optional
destination_network_addressesA list of destination addresses.Optional
source_port_object_idsA list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands.Optional
destination_port_object_idsA list of port object IDs. To get IDs, use the ciscofp-list-ports command.Optional
source_security_group_tag_object_idsA list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command.Optional
application_object_idsA list of application object IDs. To get IDs, use the ciscofp-list-applications command.Optional
url_object_idsA list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command.Optional
url_addressesA list of URL addresses.Optional
Context Output
PathTypeDescription
CiscoFP.Rule.ActionStringThe action that determines how the system handles matching traffic.
CiscoFP.Rule.Applications.IDStringThe application object ID.
CiscoFP.Rule.Applications.NameStringThe application object name.
CiscoFP.Rule.CategoryStringThe category of rule.
CiscoFP.Rule.DestinationNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.DestinationNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.DestinationNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.DestinationNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.DestinationNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.DestinationPorts.Addresses.PortStringThe port number.
CiscoFP.Rule.DestinationPorts.Addresses.ProtocolStringThe port protocol.
CiscoFP.Rule.DestinationPorts.Objects.IDStringThe port object ID.
CiscoFP.Rule.DestinationPorts.Objects.NameStringThe port object name.
CiscoFP.Rule.DestinationPorts.Objects.ProtocolStringThe port object protocol.
CiscoFP.Rule.DestinationPorts.Objects.TypeStringThe port object type.
CiscoFP.Rule.DestinationZones.Objects.IDStringThe zone ID.
CiscoFP.Rule.DestinationZones.Objects.NameStringThe zone name.
CiscoFP.Rule.DestinationZones.Objects.TypeStringThe zone type.
CiscoFP.Rule.EnabledNumberBoolean indicating whether to enable the rule.
CiscoFP.Rule.IDStringThe rule ID.
CiscoFP.Rule.NameStringThe rule name.
CiscoFP.Rule.RuleIndexNumberThe index of the rule.
CiscoFP.Rule.SectionStringThe section of the rule.
CiscoFP.Rule.SendEventsToFMCNumberBoolean indicating whether the device will send events to Cisco Firepower.
CiscoFP.Rule.SourceNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.SourceNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.SourceNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.SourceNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.SourcePorts.Addresses.PortStringThe address port.
CiscoFP.Rule.SourcePorts.Addresses.ProtocolStringThe address protocol.
CiscoFP.Rule.SourcePorts.Objects.IDStringThe object ID.
CiscoFP.Rule.SourcePorts.Objects.NameStringThe object name.
CiscoFP.Rule.SourcePorts.Objects.ProtocolStringThe object protocol.
CiscoFP.Rule.SourcePorts.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.NameStringThe object name.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceZones.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceZones.Objects.NameStringThe object name.
CiscoFP.Rule.SourceZones.Objects.TypeStringThe object type.
CiscoFP.Rule.Urls.Addresses.URLStringThe URL address.
CiscoFP.Rule.Urls.Objects.IDStringThe URL object ID.
CiscoFP.Rule.Urls.Objects.NameStringThe URL object name.
CiscoFP.Rule.VlanTags.Numbers.EndTagNumberThe vlan tag number end tag.
CiscoFP.Rule.VlanTags.Numbers.StartTagNumberThe vlan tag number start tag.
CiscoFP.Rule.VlanTags.Objects.IDStringThe object ID.
CiscoFP.Rule.VlanTags.Objects.NameStringThe object name.
CiscoFP.Rule.VlanTags.Objects.TypeStringThe object type.
Command Example

!ciscofp-create-access-rules action=ALLOW rule_name=newTest222322 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038

Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "www.google.com"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444679",
"Name": "newTest222322"
}
}
Human Readable Output

Cisco Firepower - the new access rule:

IDNameActionEnabledSendEventsToFMCRuleIndexSectionCategoryUrlsVlanTagsSourceZonesApplicationsDestinationZonesSourceNetworksDestinationNetworksSourcePortsDestinationPortsSourceSecurityGroupTags
000C29A8-BA3B-0ed3-0000-000268444679newTest222322ALLOWtruefalse1Default--Undefined--1000011000

27. ciscofp-update-access-rules


Updates the specified access control rule.

Base Command

ciscofp-update-access-rules

Input
Argument NameDescriptionRequired
update_strategyThe method by which to update the rule. Can be "merge" or "override". If merge, will add the changes requested to the existing rule. If override, will override the fields with the inputs provided and will delete any fields that were not provided.Required
actionThe rule action that determines how the system handles matching traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE".Optional
rule_nameThe rule name.Optional
enabledBoolean indicating whether to enable the rule. The default is "true".Optional
source_zone_object_idsA list of source zones object IDs.Optional
policy_idThe policy ID for which to create the new rule.Required
destination_zone_object_idsA list of destination zones object IDs.Optional
vlan_tag_object_idsA list of vlan tag object IDs.Optional
source_network_object_idsA list of source network object IDs.Optional
source_network_addressesA list of addresses.Optional
destination_network_object_idsA list of destination network object IDs.Optional
destination_network_addressesA list of addresses.Optional
source_port_object_idsA list of port object IDs.Optional
destination_port_object_idsA list of port object IDs.Optional
source_security_group_tag_object_idsA list of security group tag object IDs.Optional
application_object_idsA list of application object IDs.Optional
url_object_idsA list of URL object IDs.Optional
url_addressesA list of URL addresses.Optional
rule_idThe ID of the rule to update.Required
Context Output
PathTypeDescription
CiscoFP.Rule.ActionStringThe action that determines how the system handles matching traffic.
CiscoFP.Rule.Applications.IDStringThe application object ID.
CiscoFP.Rule.Applications.NameStringThe application object name.
CiscoFP.Rule.CategoryStringThe category of the rule.
CiscoFP.Rule.DestinationNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.DestinationNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.DestinationNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.DestinationNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.DestinationNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.DestinationPorts.Addresses.PortStringThe port number.
CiscoFP.Rule.DestinationPorts.Addresses.ProtocolStringThe port protocol.
CiscoFP.Rule.DestinationPorts.Objects.IDStringThe port object ID.
CiscoFP.Rule.DestinationPorts.Objects.NameStringThe port object name.
CiscoFP.Rule.DestinationPorts.Objects.ProtocolStringThe port object protocol.
CiscoFP.Rule.DestinationPorts.Objects.TypeStringThe port object type.
CiscoFP.Rule.DestinationZones.Objects.IDStringThe destination zone object IDs.
CiscoFP.Rule.DestinationZones.Objects.NameStringThe destination zone object names.
CiscoFP.Rule.DestinationZones.Objects.TypeStringThe destination zone object types.
CiscoFP.Rule.EnabledNumberBoolean indicating whether the rule is enabled.
CiscoFP.Rule.IDStringThe rule ID.
CiscoFP.Rule.NameStringThe rule name.
CiscoFP.Rule.RuleIndexNumberThe index of the rule.
CiscoFP.Rule.SectionStringThe section of the rule.
CiscoFP.Rule.SendEventsToFMCNumberBoolean indicating whether the device will send events to Cisco Firepower.
CiscoFP.Rule.SourceNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.SourceNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.SourceNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.SourceNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.SourcePorts.Addresses.PortStringThe address port.
CiscoFP.Rule.SourcePorts.Addresses.ProtocolStringThe address protocol.
CiscoFP.Rule.SourcePorts.Objects.IDStringThe object ID.
CiscoFP.Rule.SourcePorts.Objects.NameStringThe object name.
CiscoFP.Rule.SourcePorts.Objects.ProtocolStringThe object protocol.
CiscoFP.Rule.SourcePorts.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.NameStringThe object name.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceZones.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceZones.Objects.NameStringThe object name.
CiscoFP.Rule.SourceZones.Objects.TypeStringThe object type.
CiscoFP.Rule.Urls.Addresses.URLStringThe URL address.
CiscoFP.Rule.Urls.Objects.IDStringThe URL object ID.
CiscoFP.Rule.Urls.Objects.NameStringThe URL object name.
CiscoFP.Rule.VlanTags.Numbers.EndTagNumberThe vlan tag number end tag.
CiscoFP.Rule.VlanTags.Numbers.StartTagNumberThe vlan tag number start tag.
CiscoFP.Rule.VlanTags.Objects.IDStringThe object ID.
CiscoFP.Rule.VlanTags.Objects.NameStringThe object name.
CiscoFP.Rule.VlanTags.Objects.TypeStringThe object type.
Command Example

!ciscofp-update-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143987627 rule_id=000C29A8-BA3B-0ed3-0000-000268444675 update_strategy=merge enabled=false

Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": true,
"ID": "000C29A8-BA3B-0ed3-0000-000268444675",
"Name": "BPS-access-policy"
}
}
Human Readable Output

Cisco Firepower - access rule:

IDNameActionEnabledSendEventsToFMCRuleIndexSectionCategoryUrlsVlanTagsSourceZonesApplicationsDestinationZonesSourceNetworksDestinationNetworksSourcePortsDestinationPortsSourceSecurityGroupTags
000C29A8-BA3B-0ed3-0000-000268444675BPS-access-policyALLOWfalsetrue1Default--Undefined--0000000000

28. ciscofp-delete-access-rules


Deletes the specified access control rule.

Base Command

ciscofp-delete-access-rules

Input
Argument NameDescriptionRequired
policy_idThe policy ID.Required
rule_idThe ID of the rule to delete.Required
Context Output
PathTypeDescription
CiscoFP.Rule.ActionStringThe action that determines how the system handles matching traffic.
CiscoFP.Rule.Applications.IDStringThe application object ID.
CiscoFP.Rule.Applications.NameStringThe application object name.
CiscoFP.Rule.CategoryStringThe category of the rule.
CiscoFP.Rule.DestinationNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.DestinationNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.DestinationNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.DestinationNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.DestinationNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.DestinationPorts.Addresses.PortStringThe port number.
CiscoFP.Rule.DestinationPorts.Addresses.ProtocolStringThe port protocol.
CiscoFP.Rule.DestinationPorts.Objects.IDStringThe port object ID.
CiscoFP.Rule.DestinationPorts.Objects.NameStringThe port object name.
CiscoFP.Rule.DestinationPorts.Objects.ProtocolStringThe port object protocol.
CiscoFP.Rule.DestinationPorts.Objects.TypeStringThe port object type.
CiscoFP.Rule.DestinationZones.Objects.IDStringThe zone IDs.
CiscoFP.Rule.DestinationZones.Objects.NameStringThe zone names.
CiscoFP.Rule.DestinationZones.Objects.TypeStringThe zone types.
CiscoFP.Rule.EnabledNumberBoolean indicating whether the rule is enabled.
CiscoFP.Rule.IDStringThe rule ID.
CiscoFP.Rule.NameStringThe rule name.
CiscoFP.Rule.RuleIndexNumberThe index of the rule.
CiscoFP.Rule.SectionStringThe section of the rule.
CiscoFP.Rule.SendEventsToFMCNumberBoolean indicating whether the device will send events to Cisco Firepower.
CiscoFP.Rule.SourceNetworks.Addresses.TypeStringThe address type.
CiscoFP.Rule.SourceNetworks.Addresses.ValueStringThe address value.
CiscoFP.Rule.SourceNetworks.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceNetworks.Objects.NameStringThe object name.
CiscoFP.Rule.SourceNetworks.Objects.TypeStringThe object type.
CiscoFP.Rule.SourcePorts.Addresses.PortStringThe address port.
CiscoFP.Rule.SourcePorts.Addresses.ProtocolStringThe address protocol.
CiscoFP.Rule.SourcePorts.Objects.IDStringThe object ID.
CiscoFP.Rule.SourcePorts.Objects.NameStringThe object name.
CiscoFP.Rule.SourcePorts.Objects.ProtocolStringThe object protocol.
CiscoFP.Rule.SourcePorts.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.NameStringThe object name.
CiscoFP.Rule.SourceSecurityGroupTags.Objects.TypeStringThe object type.
CiscoFP.Rule.SourceZones.Objects.IDStringThe object ID.
CiscoFP.Rule.SourceZones.Objects.NameStringThe object name.
CiscoFP.Rule.SourceZones.Objects.TypeStringThe object type.
CiscoFP.Rule.Urls.Addresses.URLStringThe URL address.
CiscoFP.Rule.Urls.Objects.IDStringThe URL object ID.
CiscoFP.Rule.Urls.Objects.NameStringThe URL object name.
CiscoFP.Rule.VlanTags.Numbers.EndTagNumberThe vlan tag number end tag.
CiscoFP.Rule.VlanTags.Numbers.StartTagNumberThe vlan tag number start tag.
CiscoFP.Rule.VlanTags.Objects.IDStringThe object ID.
CiscoFP.Rule.VlanTags.Objects.NameStringThe object name.
CiscoFP.Rule.VlanTags.Objects.TypeStringThe object type.
Command Example

!ciscofp-delete-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143991123 rule_id=000C29A8-BA3B-0ed3-0000-000268444684

Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": "",
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444684",
"Name": "hgf"
}
}
Human Readable Output

Cisco Firepower - deleted access rule:

IDNameActionEnabledSendEventsToFMCRuleIndexSectionCategoryUrlsVlanTagsSourceZonesApplicationsDestinationZonesSourceNetworksDestinationNetworksSourcePortsDestinationPortsSourceSecurityGroupTags
000C29A8-BA3B-0ed3-0000-000268444684hgfALLOWfalsefalseDefault--Undefined--0000000000

29. ciscofp-list-policy-assignments


Retrieves a list of all policy assignments to target devices.

Base Command

ciscofp-list-policy-assignments

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50Optional
offsetIndex of first item to return. The default is 0Optional
Context Output
PathTypeDescription
CiscoFP.PolicyAssignments.IDStringThe policy assignments ID.
CiscoFP.PolicyAssignments.NameStringThe policy assignments name.
CiscoFP.PolicyAssignments.PolicyDescriptionStringThe policy description.
CiscoFP.PolicyAssignments.PolicyIDStringThe policy ID.
CiscoFP.PolicyAssignments.PolicyNameStringThe policy name.
CiscoFP.PolicyAssignments.Targets.IDStringThe targets ID.
CiscoFP.PolicyAssignments.Targets.NameStringThe targets name.
CiscoFP.PolicyAssignments.Targets.TypeStringThe targets type.
Command Example

!ciscofp-list-policy-assignments

Context Example
{
"CiscoFP.PolicyAssignments": [
{
"PolicyName": "BPS tst",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-133143987627",
"PolicyID": "000C29A8-BA3B-0ed3-0000-133143987627",
"Targets": [
{
"Type": "Device",
"ID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65",
"Name": "FTD_10.8.49.209"
}
],
"Name": "BPS tst"
}
]
}
Human Readable Output

Cisco Firepower - List of policy assignments:

IDNamePolicyNamePolicyIDPolicyDescriptionTargets
000C29A8-BA3B-0ed3-0000-133143987627BPS tstBPS tst000C29A8-BA3B-0ed3-0000-1331439876271

30. ciscofp-create-policy-assignments


Creates policy assignments to target devices.

Base Command

ciscofp-create-policy-assignments

Input
Argument NameDescriptionRequired
policy_idThe policy ID.Required
device_idsA list of device IDs.Optional
device_group_idsA list of device group IDs.Optional
Context Output
PathTypeDescription
CiscoFP.PolicyAssignments.IDStringThe policy assignments ID.
CiscoFP.PolicyAssignments.NameStringThe policy assignments name.
CiscoFP.PolicyAssignments.PolicyDescriptionStringThe policy description.
CiscoFP.PolicyAssignments.PolicyIDStringThe policy ID.
CiscoFP.PolicyAssignments.PolicyNameStringThe policy name.
CiscoFP.PolicyAssignments.Targets.IDStringThe targets ID.
CiscoFP.PolicyAssignments.Targets.NameStringThe targets name.
CiscoFP.PolicyAssignments.Targets.TypeStringThe targets type.
Command Example

!ciscofp-create-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038

Context Example
{
"CiscoFP.PolicyAssignments": {
"PolicyName": "Performance Test Policy without AMP",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"PolicyID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Targets": [],
"Name": "Performance Test Policy without AMP"
}
}
Human Readable Output

Cisco Firepower - Policy assignments has been done.

IDNamePolicyNamePolicyIDPolicyDescriptionTargets
000C29A8-BA3B-0ed3-0000-085899346038Performance Test Policy without AMPPerformance Test Policy without AMP000C29A8-BA3B-0ed3-0000-0858993460380

31. ciscofp-update-policy-assignments


Updates the specified policy assignments to target devices.

Base Command

ciscofp-update-policy-assignments

Input
Argument NameDescriptionRequired
policy_idThe policy ID.Optional
device_idsA list of device IDs.Optional
device_group_idsA list of device group IDs.Optional
Context Output
PathTypeDescription
CiscoFP.PolicyAssignments.IDStringThe policy assignments ID.
CiscoFP.PolicyAssignments.NameStringThe policy assignments name.
CiscoFP.PolicyAssignments.PolicyDescriptionStringThe policy description.
CiscoFP.PolicyAssignments.PolicyIDStringThe policy ID.
CiscoFP.PolicyAssignments.PolicyNameStringThe policy name.
CiscoFP.PolicyAssignments.Targets.IDStringThe targets ID.
CiscoFP.PolicyAssignments.Targets.NameStringThe targets name.
CiscoFP.PolicyAssignments.Targets.TypeStringThe targets type.
Command Example

!ciscofp-update-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038

Context Example
{
"CiscoFP.PolicyAssignments": {
"PolicyName": "Performance Test Policy without AMP",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"PolicyID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Targets": [],
"Name": "Performance Test Policy without AMP"
}
}
Human Readable Output

Cisco Firepower - Policy assignments has been done.

IDNamePolicyNamePolicyIDPolicyDescriptionTargets
000C29A8-BA3B-0ed3-0000-085899346038Performance Test Policy without AMPPerformance Test Policy without AMP000C29A8-BA3B-0ed3-0000-0858993460380

32. ciscofp-get-deployable-devices


Retrieves a list of all devices with configuration changes that are ready to deploy.

Base Command

ciscofp-get-deployable-devices

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.DeployableDevices.CanBeDeployedStringCan be deployed.
CiscoFP.DeployableDevices.UpToDateStringUp to date.
CiscoFP.DeployableDevices.DeviceIDStringDevice ID.
CiscoFP.DeployableDevices.DeviceNameStringDevice name.
CiscoFP.DeployableDevices.DeviceTypeStringDevice type.
CiscoFP.DeployableDevices.VersionStringDevice version.
Command Example

!ciscofp-get-deployable-devices

Context Example
{
"CiscoFP.DeployableDevices": [
{
"DeviceName": "FTD_10.8.49.209",
"CanBeDeployed": true,
"UpToDate": false,
"Version": "1585679109082",
"DeviceType": "SENSOR",
"DeviceID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65"
}
]
}
Human Readable Output

Cisco Firepower - List of deployable devices:

CanBeDeployedUpToDateDeviceIDDeviceNameDeviceTypeVersion
truefalse43e032dc-07c5-11ea-b83d-d5fdc079bf65FTD_10.8.49.209SENSOR1585679109082

33. ciscofp-get-device-records


Retrieves list of all device records.

Base Command

ciscofp-get-device-records

Input
Argument NameDescriptionRequired
limitThe maximum number of items to return. The default is 50.Optional
offsetIndex of first item to return. The default is 0.Optional
Context Output
PathTypeDescription
CiscoFP.DeviceRecords.DeviceGroupIDStringThe device group ID.
CiscoFP.DeviceRecords.HostNameStringThe device host.
CiscoFP.DeviceRecords.IDStringThe device ID.
CiscoFP.DeviceRecords.NameStringThe device name.
CiscoFP.DeviceRecords.TypeStringThe device type.
Command Example

!ciscofp-get-device-records

Context Example
{
"CiscoFP.DeviceRecords": [
{
"Name": "FTD_10.8.49.209",
"HostName": "10.8.49.209",
"Type": "Device",
"DeviceGroupID": "31b082e4-32c5-11ea-9d47-eda81976c864",
"ID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65"
}
]
}
Human Readable Output

Cisco Firepower - List of device records:

IDNameHostNameTypeDeviceGroupID
43e032dc-07c5-11ea-b83d-d5fdc079bf65FTD_10.8.49.20910.8.49.209Device31b082e4-32c5-11ea-9d47-eda81976c864

34. ciscofp-deploy-to-devices


Creates a request for deploying configuration changes to devices.

Base Command

ciscofp-deploy-to-devices

Input
Argument NameDescriptionRequired
force_deployBoolean indicating whether to force deployment. Can be "true" or "false".Required
ignore_warningBoolean indicating whether to ignore warning. Can be "true" or "false".Required
device_idsA list of device IDs.Required
versionThe version to deploy. To get versions, use the ciscofp-get-deployable-devices command.Required
Context Output
PathTypeDescription
CiscoFP.Deploy.TaskIDStringThe task ID.
CiscoFP.Deploy.ForceDeployStringWhether to force deploy.
CiscoFP.Deploy.IgnoreWarningStringWhether to ignore warning.
CiscoFP.Deploy.VersionStringThe version of the policy.
CiscoFP.Deploy.DeviceListStringThe list of devices.
Command Example

!ciscofp-deploy-to-devices device_ids=43e032dc-07c5-11ea-b83d-d5fdc079bf65 force_deploy=false ignore_warning=false version=1585679109082

Context Example
{
"CiscoFP.Deploy": {
"DeviceList": [
"43e032dc-07c5-11ea-b83d-d5fdc079bf65"
],
"ForceDeploy": false,
"Version": "1585679109082",
"TaskID": "133143991633",
"IgnoreWarning": false
}
}
Human Readable Output

Cisco Firepower - devices requests to deploy.

TaskIDForceDeployIgnoreWarningVersionDeviceList
133143991633falsefalse15856791090821

35. ciscofp-get-task-status


Retrieves information about a previously submitted pending job or task with the specified ID. Used for deploying.

Base Command

ciscofp-get-task-status

Input
Argument NameDescriptionRequired
task_idThe ID of the task for which to check the status.Required
Context Output
PathTypeDescription
CiscoFP.TaskStatus.StatusStringtask status
Command Example

!ciscofp-get-task-status task_id=133143991633

Context Example
{
"CiscoFP.TaskStatus": {
"Status": "Deployed"
}
}
Human Readable Output

Cisco Firepower - 133143991633 status:

Status
Deployed