Cisco Firepower
Overview
Use the Cisco Firepower integration for unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. This integration was integrated and tested with version xx of Cisco Firepower
Supports FMC 6.2.3 and above
Authentication from a REST API Client Cisco recommends that you use different accounts for interfacing with the API and the Firepower User Interface. Credentials cannot be used for both interfaces simultaneously, and will be logged out without warning if used for both.
Configure Cisco Firepower on Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for Cisco Firepower.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g., https://192.168.0.1)
- Username
- Password
- Trust any certificate (not secure)
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- ciscofp-list-zones
- ciscofp-list-ports
- ciscofp-list-url-categories
- ciscofp-get-network-object
- ciscofp-create-network-object
- ciscofp-update-network-object
- ciscofp-get-network-groups-object
- ciscofp-create-network-groups-objects
- ciscofp-update-network-groups-objects
- ciscofp-delete-network-groups-objects
- ciscofp-get-host-object
- ciscofp-create-host-object
- ciscofp-update-host-object
- ciscofp-delete-network-object
- ciscofp-delete-host-object
- ciscofp-get-access-policy
- ciscofp-create-access-policy
- ciscofp-update-access-policy
- ciscofp-delete-access-policy
- ciscofp-list-security-group-tags
- ciscofp-list-ise-security-group-tag
- ciscofp-list-vlan-tags
- ciscofp-list-vlan-tags-group
- ciscofp-list-applications
- ciscofp-get-access-rules
- ciscofp-create-access-rules
- ciscofp-update-access-rules
- ciscofp-delete-access-rules
- ciscofp-list-policy-assignments
- ciscofp-create-policy-assignments
- ciscofp-update-policy-assignments
- ciscofp-get-deployable-devices
- ciscofp-get-device-records
- ciscofp-deploy-to-devices
- ciscofp-get-task-status
1. ciscofp-list-zones
Retrieves a list of all security zone objects.
Base Command
ciscofp-list-zones
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Zone.ID | String | Zone ID. |
| CiscoFP.Zone.Name | String | Zone name. |
| CiscoFP.Zone.InterfaceMode | String | Zone interface mode. |
| CiscoFP.Zone.Interfaces.Name | String | Name of interfaces belonging to the security zone. |
| CiscoFP.Zone.Interfaces.ID | String | ID of interfaces belonging to the security zone. |
Command Example
!ciscofp-list-zones
Context Example
{
"CiscoFP.Zone": [
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217112",
"Name": "Ethernet1/6"
}
],
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217113",
"Name": "Ethernet1/7"
}
],
"ID": "001e2d12-c737-11e8-bacb-8d7a1cfa386e",
"Name": "Untrust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217109",
"Name": "Ethernet1/3"
}
],
"ID": "5884acce-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Trust"
},
{
"InterfaceMode": "ROUTED",
"Interfaces": [
{
"ID": "000C29A8-BA3B-0ed3-0000-103079217111",
"Name": "Ethernet1/5"
}
],
"ID": "6038978c-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Untrust"
},
{
"InterfaceMode": "INLINE",
"Interfaces": [],
"ID": "62c3f83a-305d-11ea-9d47-eda81976c864",
"Name": "arseny_zone"
}
]
}
Human Readable Output
Cisco Firepower - List zones:
| ID | Name | InterfaceMode | Interfaces |
|---|---|---|---|
| e5156ab2-c736-11e8-bacb-8d7a1cfa386e | Trust | ROUTED | 1 |
| 001e2d12-c737-11e8-bacb-8d7a1cfa386e | Untrust | ROUTED | 1 |
| 5884acce-ffdf-11e9-8a1b-81dfc51749cb | L3-Trust | ROUTED | 1 |
| 6038978c-ffdf-11e9-8a1b-81dfc51749cb | L3-Untrust | ROUTED | 1 |
| 62c3f83a-305d-11ea-9d47-eda81976c864 | arseny_zone | INLINE | 0 |
2. ciscofp-list-ports
Retrieves list of all port objects.
Base Command
ciscofp-list-ports
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Port.ID | String | Port ID. |
| CiscoFP.Port.Name | String | Port name. |
| CiscoFP.Port.Protocol | String | Port protocol. |
| CiscoFP.Port.Port | String | Port number. |
Command Example
!ciscofp-list-ports
Context Example
{
"CiscoFP.Port": [
{
"Port": "5190",
"Protocol": "TCP",
"ID": "1834d812-38bb-11e2-86aa-62f0c593a59a",
"Name": "AOL"
},
{
"Port": "6881-6889",
"Protocol": "TCP",
"ID": "1834e5f0-38bb-11e2-86aa-62f0c593a59a",
"Name": "Bittorrent"
},
{
"Port": "53",
"Protocol": "TCP",
"ID": "1834e712-38bb-11e2-86aa-62f0c593a59a",
"Name": "DNS_over_TCP"
},
{
"Port": "53",
"Protocol": "UDP",
"ID": "1834e8ca-38bb-11e2-86aa-62f0c593a59a",
"Name": "DNS_over_UDP"
},
{
"Port": "21",
"Protocol": "TCP",
"ID": "1834c674-38bb-11e2-86aa-62f0c593a59a",
"Name": "FTP"
},
{
"Port": "80",
"Protocol": "TCP",
"ID": "18312adc-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTP"
},
{
"Port": "443",
"Protocol": "TCP",
"ID": "1834bd00-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTPS"
},
{
"Port": "143",
"Protocol": "TCP",
"ID": "1834c37c-38bb-11e2-86aa-62f0c593a59a",
"Name": "IMAP"
},
{
"Port": "389",
"Protocol": "TCP",
"ID": "1834d01a-38bb-11e2-86aa-62f0c593a59a",
"Name": "LDAP"
},
{
"Port": "2049",
"Protocol": "TCP",
"ID": "1834c9c6-38bb-11e2-86aa-62f0c593a59a",
"Name": "NFSD-TCP"
},
{
"Port": "2049",
"Protocol": "UDP",
"ID": "1834caac-38bb-11e2-86aa-62f0c593a59a",
"Name": "NFSD-UDP"
},
{
"Port": "123",
"Protocol": "TCP",
"ID": "1834cb92-38bb-11e2-86aa-62f0c593a59a",
"Name": "NTP-TCP"
},
{
"Port": "123",
"Protocol": "UDP",
"ID": "1834cc96-38bb-11e2-86aa-62f0c593a59a",
"Name": "NTP-UDP"
},
{
"Port": "109",
"Protocol": "TCP",
"ID": "1834c462-38bb-11e2-86aa-62f0c593a59a",
"Name": "POP-2"
},
{
"Port": "110",
"Protocol": "TCP",
"ID": "1834c548-38bb-11e2-86aa-62f0c593a59a",
"Name": "POP-3"
},
{
"Port": "443",
"Protocol": "UDP",
"ID": "000C29A8-BA3B-0ed3-0000-034359739875",
"Name": "quic"
},
{
"Port": "80",
"Protocol": "UDP",
"ID": "000C29A8-BA3B-0ed3-0000-034359739893",
"Name": "quic80"
},
{
"Port": "1645",
"Protocol": "UDP",
"ID": "1834ce94-38bb-11e2-86aa-62f0c593a59a",
"Name": "RADIUS"
},
{
"Port": "520",
"Protocol": "UDP",
"ID": "1834d114-38bb-11e2-86aa-62f0c593a59a",
"Name": "RIP"
},
{
"Port": "5060",
"Protocol": "UDP",
"ID": "1834d204-38bb-11e2-86aa-62f0c593a59a",
"Name": "SIP"
},
{
"Port": "25",
"Protocol": "TCP",
"ID": "1834bf44-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTP"
},
{
"Port": "465",
"Protocol": "TCP",
"ID": "1834c07a-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTPS"
},
{
"Port": "161",
"Protocol": "UDP",
"ID": "1834c264-38bb-11e2-86aa-62f0c593a59a",
"Name": "SNMP"
},
{
"Port": "22",
"Protocol": "TCP",
"ID": "1834c890-38bb-11e2-86aa-62f0c593a59a",
"Name": "SSH"
},
{
"Port": "514",
"Protocol": "UDP",
"ID": "1834d6e6-38bb-11e2-86aa-62f0c593a59a",
"Name": "SYSLOG"
},
{
"Port": "1021-65535",
"Protocol": "TCP",
"ID": "1834e50a-38bb-11e2-86aa-62f0c593a59a",
"Name": "TCP_high_ports"
},
{
"Port": "23",
"Protocol": "TCP",
"ID": "28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee",
"Name": "TELNET"
},
{
"Port": "69",
"Protocol": "UDP",
"ID": "1834d5e2-38bb-11e2-86aa-62f0c593a59a",
"Name": "TFTP"
},
{
"Port": "5050",
"Protocol": "TCP",
"ID": "1834da1a-38bb-11e2-86aa-62f0c593a59a",
"Name": "Yahoo_Messenger_Messages"
},
{
"Port": "5000-5001",
"Protocol": "TCP",
"ID": "1834db96-38bb-11e2-86aa-62f0c593a59a",
"Name": "YahooMessenger_Voice_Chat_TCP"
},
{
"Port": "5000-5010",
"Protocol": "UDP",
"ID": "1834dc86-38bb-11e2-86aa-62f0c593a59a",
"Name": "YahooMessenger_Voice_Chat_UDP"
}
]
}
Human Readable Output
Cisco Firepower - List ports:
| ID | Name | Protocol | Port |
|---|---|---|---|
| 1834d812-38bb-11e2-86aa-62f0c593a59a | AOL | TCP | 5190 |
| 1834e5f0-38bb-11e2-86aa-62f0c593a59a | Bittorrent | TCP | 6881-6889 |
| 1834e712-38bb-11e2-86aa-62f0c593a59a | DNS_over_TCP | TCP | 53 |
| 1834e8ca-38bb-11e2-86aa-62f0c593a59a | DNS_over_UDP | UDP | 53 |
| 1834c674-38bb-11e2-86aa-62f0c593a59a | FTP | TCP | 21 |
| 18312adc-38bb-11e2-86aa-62f0c593a59a | HTTP | TCP | 80 |
| 1834bd00-38bb-11e2-86aa-62f0c593a59a | HTTPS | TCP | 443 |
| 1834c37c-38bb-11e2-86aa-62f0c593a59a | IMAP | TCP | 143 |
| 1834d01a-38bb-11e2-86aa-62f0c593a59a | LDAP | TCP | 389 |
| 1834c9c6-38bb-11e2-86aa-62f0c593a59a | NFSD-TCP | TCP | 2049 |
| 1834caac-38bb-11e2-86aa-62f0c593a59a | NFSD-UDP | UDP | 2049 |
| 1834cb92-38bb-11e2-86aa-62f0c593a59a | NTP-TCP | TCP | 123 |
| 1834cc96-38bb-11e2-86aa-62f0c593a59a | NTP-UDP | UDP | 123 |
| 1834c462-38bb-11e2-86aa-62f0c593a59a | POP-2 | TCP | 109 |
| 1834c548-38bb-11e2-86aa-62f0c593a59a | POP-3 | TCP | 110 |
| 000C29A8-BA3B-0ed3-0000-034359739875 | quic | UDP | 443 |
| 000C29A8-BA3B-0ed3-0000-034359739893 | quic80 | UDP | 80 |
| 1834ce94-38bb-11e2-86aa-62f0c593a59a | RADIUS | UDP | 1645 |
| 1834d114-38bb-11e2-86aa-62f0c593a59a | RIP | UDP | 520 |
| 1834d204-38bb-11e2-86aa-62f0c593a59a | SIP | UDP | 5060 |
| 1834bf44-38bb-11e2-86aa-62f0c593a59a | SMTP | TCP | 25 |
| 1834c07a-38bb-11e2-86aa-62f0c593a59a | SMTPS | TCP | 465 |
| 1834c264-38bb-11e2-86aa-62f0c593a59a | SNMP | UDP | 161 |
| 1834c890-38bb-11e2-86aa-62f0c593a59a | SSH | TCP | 22 |
| 1834d6e6-38bb-11e2-86aa-62f0c593a59a | SYSLOG | UDP | 514 |
| 1834e50a-38bb-11e2-86aa-62f0c593a59a | TCP_high_ports | TCP | 1021-65535 |
| 28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee | TELNET | TCP | 23 |
| 1834d5e2-38bb-11e2-86aa-62f0c593a59a | TFTP | UDP | 69 |
| 1834da1a-38bb-11e2-86aa-62f0c593a59a | Yahoo_Messenger_Messages | TCP | 5050 |
| 1834db96-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_TCP | TCP | 5000-5001 |
| 1834dc86-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_UDP | UDP | 5000-5010 |
3. ciscofp-list-url-categories
Retrieves a list of all URL category objects.
Base Command
ciscofp-list-url-categories
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Category.ID | String | ID of the category. |
| CiscoFP.Category.Name | String | Name of the category. |
Command Example
!ciscofp-list-url-categories
Context Example
{
"CiscoFP.Category": [
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02054",
"Name": "Pornography"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02042",
"Name": "Spiritual Healing"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02033",
"Name": "Tasteless or Obscene"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02005",
"Name": "Shopping"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02016",
"Name": "Hate Speech"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02082",
"Name": "Digital Postcards"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02028",
"Name": "Online Trading"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02034",
"Name": "Lotteries"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02071",
"Name": "File Transfer Services"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02043",
"Name": "Tattoos"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02029",
"Name": "Paranormal and Occult"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02064",
"Name": "Child Abuse Content"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02007",
"Name": "Games"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02037",
"Name": "Web Hosting"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02013",
"Name": "Nature"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02066",
"Name": "Online Storage and Backup"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02070",
"Name": "Mobile Phones"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02012",
"Name": "Science and Technology"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02022",
"Name": "Illegal Activities"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02080",
"Name": "SaaS and B2B"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02092",
"Name": "Parked Domains"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02008",
"Name": "Sports and Recreation"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02001",
"Name": "Education"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02024",
"Name": "Online Communities"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02096",
"Name": "Test Category 3"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02031",
"Name": "Lingerie and Swimsuits"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02051",
"Name": "Cheating and Plagiarism"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02050",
"Name": "Hacking"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02017",
"Name": "Reference"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02076",
"Name": "Fashion"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02025",
"Name": "Filter Avoidance"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02083",
"Name": "Politics"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02067",
"Name": "Internet Telephony"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02097",
"Name": "DIY Projects"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02093",
"Name": "Entertainment"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02077",
"Name": "Alcohol"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02039",
"Name": "Instant Messaging"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02036",
"Name": "Weapons"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02075",
"Name": "Extreme"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02009",
"Name": "Health and Nutrition"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02015",
"Name": "Finance"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02074",
"Name": "Astrology"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02081",
"Name": "Personal Sites"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02073",
"Name": "Streaming Audio"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02084",
"Name": "Illegal Downloads"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02006",
"Name": "Adult"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02061",
"Name": "Dining and Drinking"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02026",
"Name": "Streaming Media"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02085",
"Name": "Organizational Email"
},
{
"ID": "abba9b63-bb10-4729-b901-2e2aa0f02020",
"Name": "Search Engines and Portals"
}
]
}
Human Readable Output
Cisco Firepower - List url categories:
| ID | Name |
|---|---|
| abba9b63-bb10-4729-b901-2e2aa0f02054 | Pornography |
| abba9b63-bb10-4729-b901-2e2aa0f02042 | Spiritual Healing |
| abba9b63-bb10-4729-b901-2e2aa0f02033 | Tasteless or Obscene |
| abba9b63-bb10-4729-b901-2e2aa0f02005 | Shopping |
| abba9b63-bb10-4729-b901-2e2aa0f02016 | Hate Speech |
| abba9b63-bb10-4729-b901-2e2aa0f02082 | Digital Postcards |
| abba9b63-bb10-4729-b901-2e2aa0f02028 | Online Trading |
| abba9b63-bb10-4729-b901-2e2aa0f02034 | Lotteries |
| abba9b63-bb10-4729-b901-2e2aa0f02071 | File Transfer Services |
| abba9b63-bb10-4729-b901-2e2aa0f02043 | Tattoos |
| abba9b63-bb10-4729-b901-2e2aa0f02029 | Paranormal and Occult |
| abba9b63-bb10-4729-b901-2e2aa0f02064 | Child Abuse Content |
| abba9b63-bb10-4729-b901-2e2aa0f02007 | Games |
| abba9b63-bb10-4729-b901-2e2aa0f02037 | Web Hosting |
| abba9b63-bb10-4729-b901-2e2aa0f02013 | Nature |
| abba9b63-bb10-4729-b901-2e2aa0f02066 | Online Storage and Backup |
| abba9b63-bb10-4729-b901-2e2aa0f02070 | Mobile Phones |
| abba9b63-bb10-4729-b901-2e2aa0f02012 | Science and Technology |
| abba9b63-bb10-4729-b901-2e2aa0f02022 | Illegal Activities |
| abba9b63-bb10-4729-b901-2e2aa0f02080 | SaaS and B2B |
| abba9b63-bb10-4729-b901-2e2aa0f02092 | Parked Domains |
| abba9b63-bb10-4729-b901-2e2aa0f02008 | Sports and Recreation |
| abba9b63-bb10-4729-b901-2e2aa0f02001 | Education |
| abba9b63-bb10-4729-b901-2e2aa0f02024 | Online Communities |
| abba9b63-bb10-4729-b901-2e2aa0f02096 | Test Category 3 |
| abba9b63-bb10-4729-b901-2e2aa0f02031 | Lingerie and Swimsuits |
| abba9b63-bb10-4729-b901-2e2aa0f02051 | Cheating and Plagiarism |
| abba9b63-bb10-4729-b901-2e2aa0f02050 | Hacking |
| abba9b63-bb10-4729-b901-2e2aa0f02017 | Reference |
| abba9b63-bb10-4729-b901-2e2aa0f02076 | Fashion |
| abba9b63-bb10-4729-b901-2e2aa0f02025 | Filter Avoidance |
| abba9b63-bb10-4729-b901-2e2aa0f02083 | Politics |
| abba9b63-bb10-4729-b901-2e2aa0f02067 | Internet Telephony |
| abba9b63-bb10-4729-b901-2e2aa0f02097 | DIY Projects |
| abba9b63-bb10-4729-b901-2e2aa0f02093 | Entertainment |
| abba9b63-bb10-4729-b901-2e2aa0f02077 | Alcohol |
| abba9b63-bb10-4729-b901-2e2aa0f02039 | Instant Messaging |
| abba9b63-bb10-4729-b901-2e2aa0f02036 | Weapons |
| abba9b63-bb10-4729-b901-2e2aa0f02075 | Extreme |
| abba9b63-bb10-4729-b901-2e2aa0f02009 | Health and Nutrition |
| abba9b63-bb10-4729-b901-2e2aa0f02015 | Finance |
| abba9b63-bb10-4729-b901-2e2aa0f02074 | Astrology |
| abba9b63-bb10-4729-b901-2e2aa0f02081 | Personal Sites |
| abba9b63-bb10-4729-b901-2e2aa0f02073 | Streaming Audio |
| abba9b63-bb10-4729-b901-2e2aa0f02084 | Illegal Downloads |
| abba9b63-bb10-4729-b901-2e2aa0f02006 | Adult |
| abba9b63-bb10-4729-b901-2e2aa0f02061 | Dining and Drinking |
| abba9b63-bb10-4729-b901-2e2aa0f02026 | Streaming Media |
| abba9b63-bb10-4729-b901-2e2aa0f02085 | Organizational Email |
| abba9b63-bb10-4729-b901-2e2aa0f02020 | Search Engines and Portals |
4. ciscofp-get-network-object
Retrieves the network objects associated with the specified ID. If not supplied, retrieves a list of all network objects.
Base Command
ciscofp-get-network-object
Input
| Argument Name | Description | Required |
|---|---|---|
| object_id | Object ID. | Optional |
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of network object |
| CiscoFP.Network.Name | String | Name of network object |
| CiscoFP.Network.Value | String | CIDR |
| CiscoFP.Network.Overrideable | String | Boolean indicating whether object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example
!ciscofp-get-network-object
Context Example
{
"CiscoFP.Network": [
{
"Name": "0",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053261"
},
{
"Name": "1",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053289"
},
{
"Name": "2",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053308"
},
{
"Name": "any-ipv4",
"Overridable": false,
"Description": " ",
"Value": "0.0.0.0/0",
"ID": "cb7116e8-66a6-480b-8f9b-295191a0940a"
},
{
"Name": "demo1",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/10",
"ID": "000C29A8-BA3B-0ed3-0000-124554061004"
},
{
"Name": "Internal-LAN-Network",
"Overridable": false,
"Description": " ",
"Value": "192.168.1.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-030064772538"
},
{
"Name": "IPv4-Benchmark-Tests",
"Overridable": false,
"Description": " ",
"Value": "198.18.0.0/15",
"ID": "86caab8a-9bdd-420d-858b-5690fde8ce58"
},
{
"Name": "IPv4-Link-Local",
"Overridable": false,
"Description": " ",
"Value": "169.254.0.0/16",
"ID": "f0ce41ae-6ee9-4e00-8762-da9370c4fee5"
},
{
"Name": "IPv4-Multicast",
"Overridable": false,
"Description": " ",
"Value": "224.0.0.0/4",
"ID": "5622db1c-5cd5-4199-a4c8-d8f86dec3bd4"
},
{
"Name": "IPv4-Private-10.0.0.0-8",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/8",
"ID": "95916354-5aa1-4057-8eea-b42a5a207abc"
},
{
"Name": "IPv4-Private-172.16.0.0-12",
"Overridable": false,
"Description": " ",
"Value": "172.16.0.0/12",
"ID": "b7a78a7d-20c5-47b2-b02f-86b4360112ac"
},
{
"Name": "IPv4-Private-192.168.0.0-16",
"Overridable": false,
"Description": " ",
"Value": "192.168.0.0/16",
"ID": "1dcefdd8-07f7-438a-9221-97d63710614e"
},
{
"Name": "IPv6-IPv4-Mapped",
"Overridable": false,
"Description": " ",
"Value": "::ffff:0.0.0.0/96",
"ID": "1047b91f-db3a-45b8-9c10-f48ed3f0c3d6"
},
{
"Name": "IPv6-Link-Local",
"Overridable": false,
"Description": " ",
"Value": "fe80::/10",
"ID": "192c14f2-39d9-409d-81e9-357793bdf1ec"
},
{
"Name": "IPv6-Private-Unique-Local-Addresses",
"Overridable": false,
"Description": " ",
"Value": "fc00::/7",
"ID": "0434674f-87f8-4e17-810e-97100407858b"
},
{
"Name": "IPv6-to-IPv4-Relay-Anycast",
"Overridable": false,
"Description": " ",
"Value": "192.88.99.0/24",
"ID": "04ea3f1f-f5a9-4eca-b051-487ebeb4c97f"
},
{
"Name": "n5n",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053215"
},
{
"Name": "nn",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053196"
},
{
"Name": "nnkn",
"Overridable": false,
"Description": "jjj",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053177"
},
{
"Name": "nnn",
"Overridable": false,
"Description": " ",
"Value": "1.0.0.0/24",
"ID": "000C29A8-BA3B-0ed3-0000-124554053149"
},
{
"Name": "playbookTest",
"Overridable": false,
"Description": "my",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-133143990065"
},
{
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
},
{
"Name": "rrr",
"Overridable": false,
"Description": " ",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-124554056653"
}
]
}
Human Readable Output
Cisco Firepower - List network objects:
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053261 | 0 | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053289 | 1 | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053308 | 2 | 1.0.0.0/24 | false | |
| cb7116e8-66a6-480b-8f9b-295191a0940a | any-ipv4 | 0.0.0.0/0 | false | |
| 000C29A8-BA3B-0ed3-0000-124554061004 | demo1 | 10.0.0.0/10 | false | |
| 000C29A8-BA3B-0ed3-0000-030064772538 | Internal-LAN-Network | 192.168.1.0/24 | false | |
| 86caab8a-9bdd-420d-858b-5690fde8ce58 | IPv4-Benchmark-Tests | 198.18.0.0/15 | false | |
| f0ce41ae-6ee9-4e00-8762-da9370c4fee5 | IPv4-Link-Local | 169.254.0.0/16 | false | |
| 5622db1c-5cd5-4199-a4c8-d8f86dec3bd4 | IPv4-Multicast | 224.0.0.0/4 | false | |
| 95916354-5aa1-4057-8eea-b42a5a207abc | IPv4-Private-10.0.0.0-8 | 10.0.0.0/8 | false | |
| b7a78a7d-20c5-47b2-b02f-86b4360112ac | IPv4-Private-172.16.0.0-12 | 172.16.0.0/12 | false | |
| 1dcefdd8-07f7-438a-9221-97d63710614e | IPv4-Private-192.168.0.0-16 | 192.168.0.0/16 | false | |
| 1047b91f-db3a-45b8-9c10-f48ed3f0c3d6 | IPv6-IPv4-Mapped | ::ffff:0.0.0.0/96 | false | |
| 192c14f2-39d9-409d-81e9-357793bdf1ec | IPv6-Link-Local | fe80::/10 | false | |
| 0434674f-87f8-4e17-810e-97100407858b | IPv6-Private-Unique-Local-Addresses | fc00::/7 | false | |
| 04ea3f1f-f5a9-4eca-b051-487ebeb4c97f | IPv6-to-IPv4-Relay-Anycast | 192.88.99.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053215 | n5n | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053196 | nn | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053177 | nnkn | 1.0.0.0/24 | false | jjj |
| 000C29A8-BA3B-0ed3-0000-124554053149 | nnn | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-133143990065 | playbookTest | 10.0.0.0/22 | false | my |
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
| 000C29A8-BA3B-0ed3-0000-124554056653 | rrr | 10.0.0.0/22 | false |
5. ciscofp-create-network-object
Creates a network object.
Base Command
ciscofp-create-network-object
Input
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new object. | Required |
| value | CIDR | Required |
| description | The object description. | Optional |
| overridable | Boolean indicating whether objects can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of network object. |
| CiscoFP.Network.Name | String | Name of network object. |
| CiscoFP.Network.Value | String | CIDR. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example
!ciscofp-create-network-object name=newTest232 value=10.0.0.0/22 description=test overridable=false
Context Example
{
"CiscoFP.Network": {
"Name": "newTest232",
"Overridable": false,
"Description": "test",
"Value": "10.0.0.0/22",
"ID": "000C29A8-BA3B-0ed3-0000-133143990579"
}
}
Human Readable Output
Cisco Firepower - network object has been created.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990579 | newTest232 | 10.0.0.0/22 | false | test |
6. ciscofp-update-network-object
Updates the specified network object.
Base Command
ciscofp-update-network-object
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to update. | Required |
| name | The object name. | Required |
| value | CIDR | Required |
| description | The object description. | Optional |
| overridable | Boolean indicating whether the object can be overridden. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of the network object. |
| CiscoFP.Network.Name | String | Name of the network object. |
| CiscoFP.Network.Value | String | CIDR. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example
!ciscofp-update-network-object id=000C29A8-BA3B-0ed3-0000-124554053327 name=playbookTestUpdate value=10.0.0.0/23 description=my playbook test overridable=true
Context Example
{
"CiscoFP.Network": {
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
}
}
Human Readable Output
Cisco Firepower - network object has been updated.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
7. ciscofp-get-network-groups-object
Retrieves the groups of network objects and addresses associated with the specified ID. If not supplied, retrieves a list of all network objects.
Base Command
ciscofp-get-network-groups-object
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object group for which to return groups and addresses. | Optional |
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of the first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address / CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example
!ciscofp-get-network-groups-object
Context Example
{
"CiscoFP.NetworkGroups": [
{
"Name": "any",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "69fa2a3a-4487-4e3c-816f-4098f684826e",
"Addresses": [
{
"Type": "Network",
"Value": "0.0.0.0/0"
},
{
"Type": "Host",
"Value": "::/0"
}
]
},
{
"Name": "arseny_group",
"Overridable": false,
"Objects": [
{
"Type": "Host",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144",
"Name": "playbookTestUpdate2"
},
{
"Type": "Network",
"ID": "0434674f-87f8-4e17-810e-97100407858b",
"Name": "IPv6-Private-Unique-Local-Addresses"
},
{
"Type": "Network",
"ID": "1047b91f-db3a-45b8-9c10-f48ed3f0c3d6",
"Name": "IPv6-IPv4-Mapped"
}
],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554052162",
"Addresses": []
},
{
"Name": "ee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
},
{
"Name": "eee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053489",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
},
{
"Name": "IPv4-Private-All-RFC1918",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "15b12b14-dace-4117-b9d9-a9a7dcfa356f",
"Addresses": [
{
"Type": "Network",
"Value": "10.0.0.0/8"
},
{
"Type": "Network",
"Value": "172.16.0.0/12"
},
{
"Type": "Network",
"Value": "192.168.0.0/16"
}
]
}
]
}
Human Readable Output
Cisco Firepower - List of network groups object:
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 69fa2a3a-4487-4e3c-816f-4098f684826e | any | false | 2 | 0 | |
| 000C29A8-BA3B-0ed3-0000-124554052162 | arseny_group | false | 0 | 3 | |
| 000C29A8-BA3B-0ed3-0000-124554053470 | ee | false | 2 | 0 | |
| 000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 | |
| 15b12b14-dace-4117-b9d9-a9a7dcfa356f | IPv4-Private-All-RFC1918 | false | 3 | 0 |
8. ciscofp-create-network-groups-objects
Creates a group of network objects.
Base Command
ciscofp-create-network-groups-objects
Input
| Argument Name | Description | Required |
|---|---|---|
| name | The group name. | Required |
| network_objects_id_list | A comma-separated list of object IDs to add to the group. | Optional |
| network_address_list | A comma-separated list of IP addresses or CIDR ranges to add the group. | Optional |
| description | The object description. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example
!ciscofp-create-network-groups-objects name=playbookTest3 network_address_list=8.8.8.8,4.4.4.4 description=my playbook test overridable=true
Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "playbookTest3",
"Overridable": true,
"Objects": [],
"Description": "my",
"ID": "000C29A8-BA3B-0ed3-0000-133143990785",
"Addresses": [
{
"Type": "Host",
"Value": "8.8.8.8"
},
{
"Type": "Host",
"Value": "4.4.4.4"
}
]
}
}
Human Readable Output
Cisco Firepower - network group has been created.
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990785 | playbookTest3 | true | my | 2 | 0 |
9. ciscofp-update-network-groups-objects
Updates a group of network objects.
Base Command
ciscofp-update-network-groups-objects
Input
| Argument Name | Description | Required |
|---|---|---|
| id | The ID of the group to update. | Required |
| network_objects_id_list | A comma-separated list of object IDs to add the group. | Optional |
| network_address_list | A comma-separated list of IP addresses or CIDR ranges to add the group. | Optional |
| description | The new description for the object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
| name | The group name. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether objects can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example
!ciscofp-update-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053470 network_address_list=1.2.3.4,1.2.3.5 description=my playbook test overridable=true name=rrrff
Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "rrrff",
"Overridable": true,
"Objects": [],
"Description": "my",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
}
}
Human Readable Output
Cisco Firepower - network group has been updated.
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053470 | rrrff | true | my | 2 | 0 |
10. ciscofp-delete-network-groups-objects
Deletes a group of network objects.
Base Command
ciscofp-delete-network-groups-objects
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to delete. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example
!ciscofp-delete-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053489
Context Example
{
"CiscoFP.NetworkGroups": {
"Name": "eee",
"Overridable": false,
"Objects": [],
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554053489",
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
},
{
"Type": "Host",
"Value": "1.1.2.2"
}
]
}
}
Human Readable Output
Cisco Firepower - network group - 000C29A8-BA3B-0ed3-0000-124554053489 - has been delete.
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 |
11. ciscofp-get-host-object
Retrieves the groups of host objects associated with the specified ID. If no ID is passed, the input ID retrieves a list of all network objects.
Base Command
ciscofp-get-host-object
Input
| Argument Name | Description | Required |
|---|---|---|
| object_id | ID of the object for which to retrieve host objects. | Optional |
| limit | Number of items to return. The default is 50 | Optional |
| offset | Index of the first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | A description of the host object. |
Command Example
!ciscofp-get-host-object
Context Example
{
"CiscoFP.Host": [
{
"Name": "any-ipv6",
"Overridable": false,
"Description": " ",
"Value": "::/0",
"ID": "dde11d62-288b-4b4c-92e0-1dad0496f14b"
},
{
"Name": "playbookTest2",
"Overridable": false,
"Description": "my",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990104"
},
{
"Name": "playbookTestUpdate2",
"Overridable": true,
"Description": "my",
"Value": "1.2.3.5",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144"
},
{
"Name": "SyslogServer",
"Overridable": false,
"Description": " ",
"Value": "10.8.51.161",
"ID": "000C29A8-BA3B-0ed3-0000-103079216589"
}
]
}
Human Readable Output
Cisco Firepower - List host objects:
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| dde11d62-288b-4b4c-92e0-1dad0496f14b | any-ipv6 | ::/0 | false | |
| 000C29A8-BA3B-0ed3-0000-133143990104 | playbookTest2 | 1.2.3.4 | false | my |
| 000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
| 000C29A8-BA3B-0ed3-0000-103079216589 | SyslogServer | 10.8.51.161 | false |
12. ciscofp-create-host-object
Creates a host object.
Base Command
ciscofp-create-host-object
Input
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new object. | Required |
| value | The IP address. | Required |
| description | A description of the new object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example
!ciscofp-create-host-object name=newTest322 value=1.2.3.4 description=test overridable=false
Context Example
{
"CiscoFP.Host": {
"Name": "newTest322",
"Overridable": false,
"Description": "test",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990598"
}
}
Human Readable Output
Cisco Firepower - host object has been created.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
13. ciscofp-update-host-object
Updates the specified host object.
Base Command
ciscofp-update-host-object
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to update. | Required |
| name | Name of the object. | Required |
| value | The IP address. | Required |
| description | Description of the object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example
!ciscofp-update-host-object id=000C29A8-BA3B-0ed3-0000-124554052144 name=playbookTestUpdate2 value=1.2.3.5 description=my playbook test overridable=true
Context Example
{
"CiscoFP.Host": {
"Name": "playbookTestUpdate2",
"Overridable": true,
"Description": "my",
"Value": "1.2.3.5",
"ID": "000C29A8-BA3B-0ed3-0000-124554052144"
}
}
Human Readable Output
Cisco Firepower - host object has been updated.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
14. ciscofp-delete-network-object
Deletes the specified network object.
Base Command
ciscofp-delete-network-object
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to delete. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of the network object. |
| CiscoFP.Network.Name | String | Name of the network object. |
| CiscoFP.Network.Value | String | CISR range. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example
!ciscofp-delete-network-object id=000C29A8-BA3B-0ed3-0000-124554053327
Context Example
{
"CiscoFP.Network": {
"Name": "playbookTestUpdate",
"Overridable": true,
"Description": "my",
"Value": "10.0.0.0/23",
"ID": "000C29A8-BA3B-0ed3-0000-124554053327"
}
}
Human Readable Output
Cisco Firepower - network object has been deleted.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
15. ciscofp-delete-host-object
Deletes the specified host object.
Base Command
ciscofp-delete-host-object
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the host object to delete. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | CIDR range. |
| CiscoFP.Host.Overridable | String | Whether the object can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example
!ciscofp-delete-host-object id=000C29A8-BA3B-0ed3-0000-133143990598
Context Example
{
"CiscoFP.Host": {
"Name": "newTest322",
"Overridable": false,
"Description": "test",
"Value": "1.2.3.4",
"ID": "000C29A8-BA3B-0ed3-0000-133143990598"
}
}
Human Readable Output
Cisco Firepower - host object has been deleted.
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
16. ciscofp-get-access-policy
Retrieves the access control policy associated with the specified ID. If no access policy ID is passed, all access control policies are returned.
Base Command
ciscofp-get-access-policy
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the access policy. | Optional |
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example
!ciscofp-get-access-policy
Context Example
{
"CiscoFP.Policy": [
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444674",
"ID": "000C29A8-BA3B-0ed3-0000-133143987627",
"Name": "BPS tst"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268440576",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Name": "Performance Test Policy without AMP"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444676",
"ID": "000C29A8-BA3B-0ed3-0000-133143990165",
"Name": "playbookTest4"
},
{
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268443677",
"ID": "000C29A8-BA3B-0ed3-0000-124554066053",
"Name": "to test"
}
]
}
Human Readable Output
Cisco Firepower - List access policy:
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | 000C29A8-BA3B-0ed3-0000-000268444674 |
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-000268440576 |
| 000C29A8-BA3B-0ed3-0000-133143990165 | playbookTest4 | 000C29A8-BA3B-0ed3-0000-000268444676 |
| 000C29A8-BA3B-0ed3-0000-124554066053 | to test | 000C29A8-BA3B-0ed3-0000-000268443677 |
17. ciscofp-create-access-policy
Creates an access control policy.
Base Command
ciscofp-create-access-policy
Input
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new access policy. | Required |
| action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example
!ciscofp-create-access-policy name=newTest232 action=BLOCK
Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "",
"ID": "000C29A8-BA3B-0ed3-0000-133143990627",
"Name": "newTest232"
}
}
Human Readable Output
Cisco Firepower - access policy has been created.
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990627 | newTest232 |
18. ciscofp-update-access-policy
Updates the specified access control policy.
Base Command
ciscofp-update-access-policy
Input
| Argument Name | Description | Required |
|---|---|---|
| name | The access policy name. | Required |
| id | ID of the access policy. | Required |
| default_action_id | ID of the default action. | Required |
| action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example
!ciscofp-update-access-policy action=BLOCK default_action_id=000C29A8-BA3B-0ed3-0000-000268444682 name=jj id=000C29A8-BA3B-0ed3-0000-133143991123
Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444682",
"ID": "000C29A8-BA3B-0ed3-0000-133143991123",
"Name": "jj"
}
}
Human Readable Output
Cisco Firepower - access policy has been updated.
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143991123 | jj | 000C29A8-BA3B-0ed3-0000-000268444682 |
19. ciscofp-delete-access-policy
Deletes the specified access control policy.
Base Command
ciscofp-delete-access-policy
Input
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the access policy. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example
!ciscofp-delete-access-policy id=000C29A8-BA3B-0ed3-0000-133143990869
Context Example
{
"CiscoFP.Policy": {
"DefaultActionID": "000C29A8-BA3B-0ed3-0000-000268444680",
"ID": "000C29A8-BA3B-0ed3-0000-133143990869",
"Name": "qq"
}
}
Human Readable Output
Cisco Firepower - access policy deleted.
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990869 | 000C29A8-BA3B-0ed3-0000-000268444680 |
20. ciscofp-list-security-group-tags
Retrieves a list of all custom security group tag objects.
Base Command
ciscofp-list-security-group-tags
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50 | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.SecurityGroupTags.ID | String | ID of security group tag. |
| CiscoFP.SecurityGroupTags.Name | String | Name of security group tag. |
| CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
Command Example
!ciscofp-list-security-group-tags
Context Example
{
"CiscoFP.SecurityGroupTags": [
{
"Tag": 1000,
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
},
{
"Tag": 65535,
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
}
]
}
Human Readable Output
Cisco Firepower - List security group tags:
| ID | Name | Tag |
|---|---|---|
| 8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
| 5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
21. ciscofp-list-ise-security-group-tag
Retrieves a list of all ISE security group tag objects.
Base Command
ciscofp-list-ise-security-group-tag
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.SecurityGroupTags.ID | String | ID of security group tag. |
| CiscoFP.SecurityGroupTags.Name | String | Name of security group tag. |
| CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
Command Example
!ciscofp-list-ise-security-group-tags
Context Example
{
"CiscoFP.IseSecurityGroupTags": [
{
"Tag": 1000,
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
},
{
"Tag": 65535,
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
}
]
}
Human Readable Output
Cisco Firepower - List ise security group tags:
| ID | Name | Tag |
|---|---|---|
| 8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
| 5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
22. ciscofp-list-vlan-tags
Retrieves a list of all vlantag objects.
Base Command
ciscofp-list-vlan-tags
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.VlanTags.ID | String | ID of the vlan tag. |
| CiscoFP.VlanTags.Name | String | Name of the vlan tag. |
| CiscoFP.VlanTags.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTags.Description | String | Description of the vlan tag. |
| CiscoFP.VlanTags.StartTag | Number | Start tag number. |
| CiscoFP.VlanTags.EndTag | Number | End tag number. |
Command Example
!ciscofp-list-vlan-tags
Context Example
{
"CiscoFP.VlanTags": [
{
"StartTag": 2013,
"Name": "aaaa",
"EndTag": 2013,
"Overridable": false,
"ID": "000C29A8-BA3B-0ed3-0000-124554052529",
"Description": " "
}
]
}
Human Readable Output
Cisco Firepower - List vlan tags:
| ID | Name | Overridable | Description | StartTag | EndTag |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554052529 | aaaa | false | 2013 | 2013 |
23. ciscofp-list-vlan-tags-group
Retrieves a list of all vlan group tag objects.
Base Command
ciscofp-list-vlan-tags-group
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.VlanTagsGroup.Name | String | Name of the group. |
| CiscoFP.VlanTagsGroup.ID | String | ID of the group. |
| CiscoFP.VlanTagsGroup.Description | String | Description of the object. |
| CiscoFP.VlanTagsGroup.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTagsGroup.Objects.Name | String | Name of the object. |
| CiscoFP.VlanTagsGroup.Objects.ID | String | ID of the object. |
| CiscoFP.VlanTagsGroup.Objects.Description | String | Description of the vlan tag. |
| CiscoFP.VlanTagsGroup.Objects.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTagsGroup.Objects.StartTag | Number | Start tag number. |
| CiscoFP.VlanTagsGroup.Objects.EndTag | Number | End tag number. |
Command Example
!ciscofp-list-vlan-tags-group
Context Example
{
"CiscoFP.VlanTagsGroup": [
{
"Name": "forPlaybookTest",
"Objects": [],
"Overridable": false,
"Description": " ",
"ID": "000C29A8-BA3B-0ed3-0000-124554057022"
}
]
}
Human Readable Output
Cisco Firepower - List of vlan tags groups objects:
| ID | Name | Overridable | Description | Objects |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554057022 | forPlaybookTest | false | 0 |
24. ciscofp-list-applications
Retrieves a list of all application objects.
Base Command
ciscofp-list-applications
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0 | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Applications.Name | String | Name of the application. |
| CiscoFP.Applications.ID | String | ID of the application. |
| CiscoFP.Applications.Risk | String | Risk of the application. |
| CiscoFP.Applications.AppProductivity | String | AppProductivity of the application. |
| CiscoFP.Applications.ApplicationTypes | String | The application type. |
| CiscoFP.Applications.AppCategories.ID | String | AppCategory ID. |
| CiscoFP.Applications.AppCategories.Name | String | AppCategory name. |
| CiscoFP.Applications.AppCategories.Count | String | AppCategory count. |
Command Example
!ciscofp-list-applications
Context Example
{
"CiscoFP.Applications": [
{
"AppCategories": [
{
"Count": 179,
"ID": "80",
"Name": "mobile application"
},
{
"Count": 59,
"ID": "85",
"Name": "VoIP"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2325",
"Name": "050plus"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1553",
"Name": "1&1 Internet"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "535",
"Name": "1-800-Flowers"
},
{
"AppCategories": [
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "3715",
"Name": "1000mercis"
},
{
"AppCategories": [
{
"Count": 52,
"ID": "82",
"Name": "peer to peer"
}
],
"Risk": "Very High",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Server"
}
],
"ID": "536",
"Name": "100Bao"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1205",
"Name": "12306.cn"
},
{
"AppCategories": [
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4164",
"Name": "123Movies"
},
{
"AppCategories": [
{
"Count": 69,
"ID": "44",
"Name": "email"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1206",
"Name": "126.com"
},
{
"AppCategories": [
{
"Count": 199,
"ID": "37",
"Name": "social networking"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2385",
"Name": "17173.com"
},
{
"AppCategories": [
{
"Count": 155,
"ID": "3",
"Name": "remote file storage"
},
{
"Count": 234,
"ID": "17",
"Name": "business"
},
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4165",
"Name": "1fichier"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2346",
"Name": "2345.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2493",
"Name": "24/7 Media"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2492",
"Name": "247 Inc."
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "537",
"Name": "2channel"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Medium",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1781",
"Name": "2Leep"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 234,
"ID": "17",
"Name": "business"
},
{
"Count": 199,
"ID": "37",
"Name": "social networking"
},
{
"Count": 194,
"ID": "118",
"Name": "ad portal"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "2419",
"Name": "33Across"
},
{
"AppCategories": [
{
"Count": 61,
"ID": "34",
"Name": "security management"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "3866",
"Name": "360 Safeguard"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 12,
"ID": "121",
"Name": "healthcare services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1207",
"Name": "39.net"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3000",
"Name": "3Com AMP3"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "2",
"Name": "3COM-TSMUX"
},
{
"AppCategories": [
{
"Count": 160,
"ID": "20",
"Name": "gaming"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1256",
"Name": "4399.com"
},
{
"AppCategories": [
{
"Count": 104,
"ID": "40",
"Name": "instant messaging"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "1079",
"Name": "4chan"
},
{
"AppCategories": [
{
"Count": 155,
"ID": "3",
"Name": "remote file storage"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "948",
"Name": "4shared"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 179,
"ID": "80",
"Name": "mobile application"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "1654",
"Name": "500px"
},
{
"AppCategories": [
{
"Count": 199,
"ID": "37",
"Name": "social networking"
}
],
"Risk": "Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1032",
"Name": "51.com"
},
{
"AppCategories": [
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1031",
"Name": "56.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1649",
"Name": "58 City"
},
{
"AppCategories": [
{
"Count": 95,
"ID": "53",
"Name": "multimedia (other)"
},
{
"Count": 117,
"ID": "60",
"Name": "multimedia (music/audio)"
}
],
"Risk": "Medium",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "2218",
"Name": "5by5 Radio"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "538",
"Name": "6.pm"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "959",
"Name": "7digital"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "4",
"Name": "914CG"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
},
{
"Count": 95,
"ID": "53",
"Name": "multimedia (other)"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4167",
"Name": "9Gag"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Server"
}
],
"ID": "1087",
"Name": "9P"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 160,
"ID": "20",
"Name": "gaming"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "920",
"Name": "9p.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Medium",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "1389",
"Name": "ABC"
},
{
"AppCategories": [
{
"Count": 29,
"ID": "88",
"Name": "web spider/search crawler"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Client"
}
],
"ID": "2205",
"Name": "Abonti"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1167",
"Name": "About.com"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
},
{
"Count": 203,
"ID": "106",
"Name": "news"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4168",
"Name": "ABS-CBN"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Very High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "5",
"Name": "ACA Services"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3024",
"Name": "ACAP"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3001",
"Name": "Access Network"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Medium",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "3002",
"Name": "AccessBuilder"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
},
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "Very Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1533",
"Name": "AccuWeather"
},
{
"AppCategories": [
{
"Count": 377,
"ID": "11",
"Name": "e-commerce"
}
],
"Risk": "Low",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "539",
"Name": "Ace Hardware Corporation"
},
{
"AppCategories": [
{
"Count": 234,
"ID": "17",
"Name": "business"
}
],
"Risk": "Very Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "2146",
"Name": "Acer"
},
{
"AppCategories": [
{
"Count": 94,
"ID": "25",
"Name": "web content aggregators"
},
{
"Count": 385,
"ID": "47",
"Name": "multimedia (TV/video)"
}
],
"Risk": "High",
"AppProductivity": "Very Low",
"ApplicationTypes": [
{
"Name": "Webapp"
},
{
"Name": "Server"
}
],
"ID": "4169",
"Name": "AcFun"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Very Low",
"AppProductivity": "Medium",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "6",
"Name": "ACI"
},
{
"AppCategories": [
{
"Count": 54,
"ID": "23",
"Name": "search engine"
},
{
"Count": 29,
"ID": "88",
"Name": "web spider/search crawler"
}
],
"Risk": "Low",
"AppProductivity": "Low",
"ApplicationTypes": [
{
"Name": "Client"
},
{
"Name": "Webapp"
}
],
"ID": "2219",
"Name": "Acoon.de"
},
{
"AppCategories": [
{
"Count": 998,
"ID": "10",
"Name": "network protocols/services"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Server"
}
],
"ID": "7",
"Name": "ACR-NEMA"
},
{
"AppCategories": [
{
"Count": 1009,
"ID": "2",
"Name": "web services provider"
}
],
"Risk": "Low",
"AppProductivity": "High",
"ApplicationTypes": [
{
"Name": "Webapp"
}
],
"ID": "1322",
"Name": "Acrobat.com"
}
]
}
Human Readable Output
Cisco Firepower - List of applications objects:
| ID | Name | Risk | AppProductivity | ApplicationTypes | AppCategories |
|---|---|---|---|---|---|
| 2325 | 050plus | Medium | Medium | 2 | 2 |
| 1553 | 1&1 Internet | Very Low | Low | 1 | 2 |
| 535 | 1-800-Flowers | Low | Very Low | 1 | 1 |
| 3715 | 1000mercis | Low | Very Low | 1 | 1 |
| 536 | 100Bao | Very High | Very Low | 2 | 1 |
| 1205 | 12306.cn | Very Low | High | 1 | 2 |
| 4164 | 123Movies | Medium | Very Low | 2 | 1 |
| 1206 | 126.com | Very Low | High | 1 | 1 |
| 2385 | 17173.com | Medium | Very Low | 2 | 1 |
| 4165 | 1fichier | Low | Medium | 2 | 3 |
| 2346 | 2345.com | Very Low | Medium | 1 | 1 |
| 2493 | 24/7 Media | Very Low | Very Low | 1 | 3 |
| 2492 | 247 Inc. | Very Low | Very Low | 1 | 3 |
| 537 | 2channel | Low | Very Low | 2 | 1 |
| 1781 | 2Leep | Medium | Low | 1 | 1 |
| 2419 | 33Across | Very Low | Medium | 2 | 4 |
| 3866 | 360 Safeguard | Low | High | 1 | 1 |
| 1207 | 39.net | Very Low | High | 1 | 2 |
| 3000 | 3Com AMP3 | Medium | Medium | 1 | 1 |
| 2 | 3COM-TSMUX | Very Low | High | 1 | 1 |
| 1256 | 4399.com | Medium | Very Low | 1 | 1 |
| 1079 | 4chan | Medium | Very Low | 2 | 1 |
| 948 | 4shared | Low | High | 2 | 1 |
| 1654 | 500px | Very Low | Low | 2 | 2 |
| 1032 | 51.com | Low | Low | 1 | 1 |
| 1031 | 56.com | Low | Very Low | 1 | 1 |
| 1649 | 58 City | Very Low | Low | 1 | 2 |
| 2218 | 5by5 Radio | Medium | Low | 2 | 2 |
| 538 | 6.pm | Low | Very Low | 1 | 1 |
| 959 | 7digital | Very Low | Low | 1 | 1 |
| 4 | 914CG | Very Low | Medium | 1 | 1 |
| 4167 | 9Gag | Medium | Very Low | 2 | 2 |
| 1087 | 9P | Very Low | High | 2 | 1 |
| 920 | 9p.com | Medium | Very Low | 1 | 3 |
| 1389 | ABC | Medium | Very Low | 2 | 3 |
| 2205 | Abonti | Low | Very Low | 1 | 1 |
| 1167 | About.com | Very Low | Medium | 1 | 1 |
| 4168 | ABS-CBN | Very Low | High | 2 | 3 |
| 5 | ACA Services | Very Low | Very High | 1 | 1 |
| 3024 | ACAP | Medium | Medium | 1 | 1 |
| 3001 | Access Network | Medium | Medium | 1 | 1 |
| 3002 | AccessBuilder | Medium | Medium | 1 | 1 |
| 1533 | AccuWeather | Very Low | Low | 1 | 3 |
| 539 | Ace Hardware Corporation | Low | Very Low | 1 | 1 |
| 2146 | Acer | Very Low | High | 1 | 1 |
| 4169 | AcFun | High | Very Low | 2 | 2 |
| 6 | ACI | Very Low | Medium | 1 | 1 |
| 2219 | Acoon.de | Low | Low | 2 | 2 |
| 7 | ACR-NEMA | Low | High | 1 | 1 |
| 1322 | Acrobat.com | Low | High | 1 | 1 |
25. ciscofp-get-access-rules
Retrieves the access control rule associated with the specified policy ID and rule ID. If no rule ID is specified, retrieves a list of all access rules associated with the specified policy ID.
Base Command
ciscofp-get-access-rules
Input
| Argument Name | Description | Required |
|---|---|---|
| policy_id | Policy ID. | Required |
| rule_id | Rule ID. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | Rule action. |
| CiscoFP.Rule.Applications.ID | String | Application object ID. |
| CiscoFP.Rule.Applications.Name | String | Application object name. |
| CiscoFP.Rule.Category | String | Category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | Address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | Object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | Object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | Object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | Port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | Port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | Port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | Port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | Port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | Port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | Zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | Zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | Zone type. |
| CiscoFP.Rule.Enabled | Number | Whether the rule is enabled. |
| CiscoFP.Rule.ID | String | Rule ID. |
| CiscoFP.Rule.Name | String | Rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | Port number. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | Port protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | Object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | Object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | Object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | Object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | Object type. |
Command Example
!ciscofp-get-access-rules policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example
{
"CiscoFP.Rule": [
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": true,
"ID": "000C29A8-BA3B-0ed3-0000-000268440577",
"Name": "IP Any Any Any"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 2,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268441600",
"Name": "test"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Mandatory",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 3,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "BLOCK",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "10.0.0.5"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268442624",
"Name": "arseny_rule"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": [
{
"Type": "SecurityZone",
"ID": "6038978c-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Untrust"
},
{
"Type": "SecurityZone",
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
}
]
},
"DestinationZones": {
"Objects": [
{
"Type": "SecurityZone",
"ID": "e5156ab2-c736-11e8-bacb-8d7a1cfa386e",
"Name": "Trust"
},
{
"Type": "SecurityZone",
"ID": "5884acce-ffdf-11e9-8a1b-81dfc51749cb",
"Name": "L3-Trust"
}
]
},
"DestinationNetworks": {
"Objects": [
{
"Type": "NetworkGroup",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Name": "ee"
},
{
"Type": "Network",
"ID": "000C29A8-BA3B-0ed3-0000-124554053196",
"Name": "nn"
}
],
"Addresses": []
},
"DestinationPorts": {
"Objects": [
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834e50a-38bb-11e2-86aa-62f0c593a59a",
"Name": "TCP_high_ports"
},
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834c07a-38bb-11e2-86aa-62f0c593a59a",
"Name": "SMTPS"
}
],
"Addresses": [
{
"Protocol": "6",
"Port": "990"
}
]
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "1834bd00-38bb-11e2-86aa-62f0c593a59a",
"Name": "HTTPS"
},
{
"Type": "ProtocolPortObject",
"Protocol": "TCP",
"ID": "28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee",
"Name": "TELNET"
}
],
"Addresses": [
{
"Protocol": "6",
"Port": "900"
}
]
},
"RuleIndex": 4,
"VlanTags": {
"Objects": [
{
"Type": "VlanTag",
"ID": "000C29A8-BA3B-0ed3-0000-124554052529",
"Name": "aaaa"
}
],
"Numbers": [
{
"StartTag": 1300,
"EndTag": 1300
}
]
},
"Applications": [
{
"ID": "536",
"Name": "100Bao"
},
{
"ID": "3715",
"Name": "1000mercis"
},
{
"ID": "948",
"Name": "4shared"
},
{
"ID": "1087",
"Name": "9P"
}
],
"SourceSecurityGroupTags": {
"Objects": [
{
"Type": "SecurityGroupTag",
"ID": "5fce8cce-aa67-11e5-816b-95eb712b72a1",
"Name": "ANY"
},
{
"Type": "SecurityGroupTag",
"ID": "8d9813aa-32c1-11ea-9d47-eda81976c864",
"Name": "sample_tag"
}
]
},
"Urls": {
"Objects": [
{
"ID": "60f4e2ab-d96c-44a0-bd38-830252b67077",
"Name": "URL CnC"
},
{
"ID": "3e2af68e-5fc8-4b1c-b5bc-b4e7cab5c9eb",
"Name": "URL Spam"
}
],
"Addresses": [
{
"URL": "www.ynet.co.il"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [
{
"Type": "Network",
"ID": "000C29A8-BA3B-0ed3-0000-124554053289",
"Name": "1"
},
{
"Type": "NetworkGroup",
"ID": "69fa2a3a-4487-4e3c-816f-4098f684826e",
"Name": "any"
},
{
"Type": "NetworkGroup",
"ID": "000C29A8-BA3B-0ed3-0000-124554053470",
"Name": "ee"
}
],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268443649",
"Name": "mytest"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "8.8.8.2"
},
{
"Type": "Host",
"Value": "4.4.4.8"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 5,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "galitz.com"
},
{
"URL": "goog.com"
}
]
},
"Action": "BLOCK",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "10.0.0.1"
},
{
"Type": "Host",
"Value": "8.8.8.6"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268443653",
"Name": "newUpdateTest"
},
{
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 6,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "www.google.com"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444677",
"Name": "playbookTest5"
}
]
}
Human Readable Output
Cisco Firepower - List of access rules:
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268440577 | IP Any Any Any | ALLOW | true | true | 1 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268441600 | test | ALLOW | true | false | 2 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268442624 | arseny_rule | BLOCK | true | false | 3 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268443649 | mytest | ALLOW | true | false | 4 | Default | --Undefined-- | 3 | 2 | 2 | 4 | 2 | 3 | 2 | 3 | 3 | 2 |
| 000C29A8-BA3B-0ed3-0000-000268443653 | newUpdateTest | BLOCK | false | false | 5 | Default | --Undefined-- | 2 | 0 | 0 | 0 | 0 | 2 | 2 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268444677 | playbookTest5 | ALLOW | true | false | 6 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
26. ciscofp-create-access-rules
Creates an access control rule.
Base Command
ciscofp-create-access-rules
Input
| Argument Name | Description | Required |
|---|---|---|
| action | The rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Required |
| rule_name | The rule name. | Required |
| enabled | Boolean indicating whether to enable the access control rule. | Optional |
| source_zone_object_ids | A list of source zone object IDs. To get IDs use the ciscofp-list-zones command. | Optional |
| policy_id | The policy ID in which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command. | Optional |
| source_network_object_ids | A list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command. | Optional |
| source_network_addresses | A list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_object_ids | A list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_addresses | A list of destination addresses. | Optional |
| source_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands. | Optional |
| destination_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-list-ports command. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command. | Optional |
| application_object_ids | A list of application object IDs. To get IDs, use the ciscofp-list-applications command. | Optional |
| url_object_ids | A list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command. | Optional |
| url_addresses | A list of URL addresses. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether to enable the rule. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example
!ciscofp-create-access-rules action=ALLOW rule_name=playbookTest5 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Human Readable Output### 26. ciscofp-create-access-rules
Creates an access control rule.
Base Command
ciscofp-create-access-rules
Input
| Argument Name | Description | Required |
|---|---|---|
| action | The rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Required |
| rule_name | The rule name. | Required |
| enabled | Boolean indicating whether to enable the access control rule. | Optional |
| source_zone_object_ids | A list of source zone object IDs. To get IDs use the ciscofp-list-zones command. | Optional |
| policy_id | The policy ID in which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command. | Optional |
| source_network_object_ids | A list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command. | Optional |
| source_network_addresses | A list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_object_ids | A list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_addresses | A list of destination addresses. | Optional |
| source_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands. | Optional |
| destination_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-list-ports command. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command. | Optional |
| application_object_ids | A list of application object IDs. To get IDs, use the ciscofp-list-applications command. | Optional |
| url_object_ids | A list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command. | Optional |
| url_addresses | A list of URL addresses. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether to enable the rule. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example
!ciscofp-create-access-rules action=ALLOW rule_name=newTest222322 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.5"
}
]
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": true,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": [
{
"URL": "www.google.com"
}
]
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": [
{
"Type": "Host",
"Value": "1.2.3.4"
}
]
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444679",
"Name": "newTest222322"
}
}
Human Readable Output
Cisco Firepower - the new access rule:
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444679 | newTest222322 | ALLOW | true | false | 1 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
27. ciscofp-update-access-rules
Updates the specified access control rule.
Base Command
ciscofp-update-access-rules
Input
| Argument Name | Description | Required |
|---|---|---|
| update_strategy | The method by which to update the rule. Can be "merge" or "override". If merge, will add the changes requested to the existing rule. If override, will override the fields with the inputs provided and will delete any fields that were not provided. | Required |
| action | The rule action that determines how the system handles matching traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Optional |
| rule_name | The rule name. | Optional |
| enabled | Boolean indicating whether to enable the rule. The default is "true". | Optional |
| source_zone_object_ids | A list of source zones object IDs. | Optional |
| policy_id | The policy ID for which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zones object IDs. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. | Optional |
| source_network_object_ids | A list of source network object IDs. | Optional |
| source_network_addresses | A list of addresses. | Optional |
| destination_network_object_ids | A list of destination network object IDs. | Optional |
| destination_network_addresses | A list of addresses. | Optional |
| source_port_object_ids | A list of port object IDs. | Optional |
| destination_port_object_ids | A list of port object IDs. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. | Optional |
| application_object_ids | A list of application object IDs. | Optional |
| url_object_ids | A list of URL object IDs. | Optional |
| url_addresses | A list of URL addresses. | Optional |
| rule_id | The ID of the rule to update. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of the rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The destination zone object IDs. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The destination zone object names. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The destination zone object types. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether the rule is enabled. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example
!ciscofp-update-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143987627 rule_id=000C29A8-BA3B-0ed3-0000-000268444675 update_strategy=merge enabled=false
Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": 1,
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": true,
"ID": "000C29A8-BA3B-0ed3-0000-000268444675",
"Name": "BPS-access-policy"
}
}
Human Readable Output
Cisco Firepower - access rule:
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444675 | BPS-access-policy | ALLOW | false | true | 1 | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
28. ciscofp-delete-access-rules
Deletes the specified access control rule.
Base Command
ciscofp-delete-access-rules
Input
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Required |
| rule_id | The ID of the rule to delete. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of the rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone IDs. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone names. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone types. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether the rule is enabled. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example
!ciscofp-delete-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143991123 rule_id=000C29A8-BA3B-0ed3-0000-000268444684
Context Example
{
"CiscoFP.Rule": {
"Category": "--Undefined--",
"SourceZones": {
"Objects": []
},
"DestinationZones": {
"Objects": []
},
"DestinationNetworks": {
"Objects": [],
"Addresses": []
},
"DestinationPorts": {
"Objects": [],
"Addresses": []
},
"Section": "Default",
"Enabled": false,
"SourcePorts": {
"Objects": [],
"Addresses": []
},
"RuleIndex": "",
"VlanTags": {
"Objects": [],
"Numbers": []
},
"Applications": [],
"SourceSecurityGroupTags": {
"Objects": []
},
"Urls": {
"Objects": [],
"Addresses": []
},
"Action": "ALLOW",
"SourceNetworks": {
"Objects": [],
"Addresses": []
},
"SendEventsToFMC": false,
"ID": "000C29A8-BA3B-0ed3-0000-000268444684",
"Name": "hgf"
}
}
Human Readable Output
Cisco Firepower - deleted access rule:
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444684 | hgf | ALLOW | false | false | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
29. ciscofp-list-policy-assignments
Retrieves a list of all policy assignments to target devices.
Base Command
ciscofp-list-policy-assignments
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50 | Optional |
| offset | Index of first item to return. The default is 0 | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example
!ciscofp-list-policy-assignments
Context Example
{
"CiscoFP.PolicyAssignments": [
{
"PolicyName": "BPS tst",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-133143987627",
"PolicyID": "000C29A8-BA3B-0ed3-0000-133143987627",
"Targets": [
{
"Type": "Device",
"ID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65",
"Name": "FTD_10.8.49.209"
}
],
"Name": "BPS tst"
}
]
}
Human Readable Output
Cisco Firepower - List of policy assignments:
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | BPS tst | 000C29A8-BA3B-0ed3-0000-133143987627 | 1 |
30. ciscofp-create-policy-assignments
Creates policy assignments to target devices.
Base Command
ciscofp-create-policy-assignments
Input
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Required |
| device_ids | A list of device IDs. | Optional |
| device_group_ids | A list of device group IDs. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example
!ciscofp-create-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example
{
"CiscoFP.PolicyAssignments": {
"PolicyName": "Performance Test Policy without AMP",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"PolicyID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Targets": [],
"Name": "Performance Test Policy without AMP"
}
}
Human Readable Output
Cisco Firepower - Policy assignments has been done.
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
31. ciscofp-update-policy-assignments
Updates the specified policy assignments to target devices.
Base Command
ciscofp-update-policy-assignments
Input
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Optional |
| device_ids | A list of device IDs. | Optional |
| device_group_ids | A list of device group IDs. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example
!ciscofp-update-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example
{
"CiscoFP.PolicyAssignments": {
"PolicyName": "Performance Test Policy without AMP",
"PolicyDescription": "",
"ID": "000C29A8-BA3B-0ed3-0000-085899346038",
"PolicyID": "000C29A8-BA3B-0ed3-0000-085899346038",
"Targets": [],
"Name": "Performance Test Policy without AMP"
}
}
Human Readable Output
Cisco Firepower - Policy assignments has been done.
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
32. ciscofp-get-deployable-devices
Retrieves a list of all devices with configuration changes that are ready to deploy.
Base Command
ciscofp-get-deployable-devices
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.DeployableDevices.CanBeDeployed | String | Can be deployed. |
| CiscoFP.DeployableDevices.UpToDate | String | Up to date. |
| CiscoFP.DeployableDevices.DeviceID | String | Device ID. |
| CiscoFP.DeployableDevices.DeviceName | String | Device name. |
| CiscoFP.DeployableDevices.DeviceType | String | Device type. |
| CiscoFP.DeployableDevices.Version | String | Device version. |
Command Example
!ciscofp-get-deployable-devices
Context Example
{
"CiscoFP.DeployableDevices": [
{
"DeviceName": "FTD_10.8.49.209",
"CanBeDeployed": true,
"UpToDate": false,
"Version": "1585679109082",
"DeviceType": "SENSOR",
"DeviceID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65"
}
]
}
Human Readable Output
Cisco Firepower - List of deployable devices:
| CanBeDeployed | UpToDate | DeviceID | DeviceName | DeviceType | Version |
|---|---|---|---|---|---|
| true | false | 43e032dc-07c5-11ea-b83d-d5fdc079bf65 | FTD_10.8.49.209 | SENSOR | 1585679109082 |
33. ciscofp-get-device-records
Retrieves list of all device records.
Base Command
ciscofp-get-device-records
Input
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.DeviceRecords.DeviceGroupID | String | The device group ID. |
| CiscoFP.DeviceRecords.HostName | String | The device host. |
| CiscoFP.DeviceRecords.ID | String | The device ID. |
| CiscoFP.DeviceRecords.Name | String | The device name. |
| CiscoFP.DeviceRecords.Type | String | The device type. |
Command Example
!ciscofp-get-device-records
Context Example
{
"CiscoFP.DeviceRecords": [
{
"Name": "FTD_10.8.49.209",
"HostName": "10.8.49.209",
"Type": "Device",
"DeviceGroupID": "31b082e4-32c5-11ea-9d47-eda81976c864",
"ID": "43e032dc-07c5-11ea-b83d-d5fdc079bf65"
}
]
}
Human Readable Output
Cisco Firepower - List of device records:
| ID | Name | HostName | Type | DeviceGroupID |
|---|---|---|---|---|
| 43e032dc-07c5-11ea-b83d-d5fdc079bf65 | FTD_10.8.49.209 | 10.8.49.209 | Device | 31b082e4-32c5-11ea-9d47-eda81976c864 |
34. ciscofp-deploy-to-devices
Creates a request for deploying configuration changes to devices.
Base Command
ciscofp-deploy-to-devices
Input
| Argument Name | Description | Required |
|---|---|---|
| force_deploy | Boolean indicating whether to force deployment. Can be "true" or "false". | Required |
| ignore_warning | Boolean indicating whether to ignore warning. Can be "true" or "false". | Required |
| device_ids | A list of device IDs. | Required |
| version | The version to deploy. To get versions, use the ciscofp-get-deployable-devices command. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.Deploy.TaskID | String | The task ID. |
| CiscoFP.Deploy.ForceDeploy | String | Whether to force deploy. |
| CiscoFP.Deploy.IgnoreWarning | String | Whether to ignore warning. |
| CiscoFP.Deploy.Version | String | The version of the policy. |
| CiscoFP.Deploy.DeviceList | String | The list of devices. |
Command Example
!ciscofp-deploy-to-devices device_ids=43e032dc-07c5-11ea-b83d-d5fdc079bf65 force_deploy=false ignore_warning=false version=1585679109082
Context Example
{
"CiscoFP.Deploy": {
"DeviceList": [
"43e032dc-07c5-11ea-b83d-d5fdc079bf65"
],
"ForceDeploy": false,
"Version": "1585679109082",
"TaskID": "133143991633",
"IgnoreWarning": false
}
}
Human Readable Output
Cisco Firepower - devices requests to deploy.
| TaskID | ForceDeploy | IgnoreWarning | Version | DeviceList |
|---|---|---|---|---|
| 133143991633 | false | false | 1585679109082 | 1 |
35. ciscofp-get-task-status
Retrieves information about a previously submitted pending job or task with the specified ID. Used for deploying.
Base Command
ciscofp-get-task-status
Input
| Argument Name | Description | Required |
|---|---|---|
| task_id | The ID of the task for which to check the status. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| CiscoFP.TaskStatus.Status | String | task status |
Command Example
!ciscofp-get-task-status task_id=133143991633
Context Example
{
"CiscoFP.TaskStatus": {
"Status": "Deployed"
}
}
Human Readable Output
Cisco Firepower - 133143991633 status:
| Status |
|---|
| Deployed |