Cisco ASA

This Integration is part of the Cisco ASA Pack.

Overview
Use the Cisco Adaptive Security Appliance Software integration to manage interfaces, rules, and network objects. This integration was integrated and tested with version 9.12(3) of Cisco ASA.

Configure Cisco ASA on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for Cisco ASA.
- Click Add instance to create and configure a new integration instance.
  - Name: a textual name for the integration instance.
  - Server URL (e.g. https://192.168.0.1)
  - Credentials
  - Use system proxy settings
  - Trust any certificate (not secure)
  - Is ASAv
- Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- cisco-asa-list-rules
- cisco-asa-backup
- cisco-asa-get-rule-by-id
- cisco-asa-create-rule
- cisco-asa-delete-rule
- cisco-asa-edit-rule
- cisco-asa-list-network-objects
- cisco-asa-create-network-object
- cisco-asa-list-interfaces

1. cisco-asa-list-rules
Gets a list of all rules for the supplied interface.

Base Command
cisco-asa-list-rules

Input
Argument Name | Description | Required |
---|---|---|
interface_name | The name of the interface from which to get rules. | Optional |
interface_type | The interface type. Can be "In", "Out", or "Global" | Optional |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.Rules.Source | String | The rule's source. |
CiscoASA.Rules.Dest | String | The rule's destination. |
CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
CiscoASA.Rules.Interface | String | The name of the interface. |
CiscoASA.Rules.Position | Number | The position of the rule. |
CiscoASA.Rules.ID | String | The rule ID. |
CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
CiscoASA.Rules.DestService | String | The destination service. |
CiscoASA.Rules.SourceService | String | The source service. |

Command Example
!cisco-asa-list-rules interface_type="Global"

Context Example

Human Readable Output
Rules:
ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
---|---|---|---|---|---|---|---|---|---|
924049783 | Windows10 | 2.2.2.2 | true | | Global | true | 1 | tcp | |
3156543720 | 1.1.1.1 | 2.2.2.2 | false | | Global | true | 2 | ip | |

2. cisco-asa-backup
Creates a backup of the current settings (i.e., the backup.cfg file).

Base Command
cisco-asa-backup

Input
Argument Name | Description | Required |
---|---|---|
backup_name | The name of the backup. | Required |
passphrase | Passphrase for backup. | Optional |

Context Output
There is no context output for this command.

Command Example

Human Readable Output

3. cisco-asa-get-rule-by-id
Gets a specific rule by rule ID.

Base Command
cisco-asa-get-rule-by-id

Input
Argument Name | Description | Required |
---|---|---|
rule_id | The rule ID. | Required |
interface_name | The name of the interface | Optional |
interface_type | The interface type. Can be "In", "Out", or "Global". | Required |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.Rules.Interface | String | The name of the interface. |
CiscoASA.Rules.Source | String | The rule's source. |
CiscoASA.Rules.Dest | String | The rule's destination. |
CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
CiscoASA.Rules.Position | Number | The position of the rule. |
CiscoASA.Rules.ID | String | The rule ID. |
CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
CiscoASA.Rules.DestService | String | The destination service. |
CiscoASA.Rules.SourceService | String | The source service. |

Command Example
!cisco-asa-get-rule-by-id rule_id=3156543720 interface_type=Global

Context Example

Human Readable Output
Rule 3156543720:
ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
---|---|---|---|---|---|---|---|---|---|
3156543720 | 1.1.1.1 | 2.2.2.2 | false | | Global | true | 2 | ip | |

4. cisco-asa-create-rule
Creates a rule.

Base Command
cisco-asa-create-rule

Input
Argument Name | Description | Required |
---|---|---|
source | The source. Can be an IPv4 address, an address block, or the name of a network object. | Required |
destination | The destination. Can be an IPv4 address, an address block, or the name of a network object. | Required |
permit | Whether the rule is a permit. If True, the rule is a permit. | Required |
remarks | A list of remarks for the rule. | Optional |
position | The position in which to create the rule. | Optional |
log_level | The log level of the rule. Can be "Default", "Emergencies", "Alerts", "Critical", "Errors", "Warnings", "Notifications", "Informational", or "Debugging". | Optional |
active | Whether the rule will be active. If True, the rule will be active. | Optional |
interface_type | The interface type. Can be "In", "Out", or "Global". | Required |
interface_name | The interface name. | Optional |
service | The service of the rule. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.Rules.Source | String | The rule's source. |
CiscoASA.Rules.Dest | String | The rule's destination. |
CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
CiscoASA.Rules.Interface | String | The name of the interface. |
CiscoASA.Rules.Position | Number | The position of the rule. |
CiscoASA.Rules.ID | String | The rule ID. |
CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
CiscoASA.Rules.DestService | String | The destination service. |
CiscoASA.Rules.SourceService | String | The source service. |

Command Example
!cisco-asa-create-rule destination=4.4.4.4 interface_type=Global permit=False source=2.2.2.2

Context Example

Human Readable Output
Created new rule. ID: 507330730
ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
---|---|---|---|---|---|---|---|---|---|
507330730 | 2.2.2.2 | 4.4.4.4 | false | | Global | true | 4 | ip | |
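
When cisco-asa-create-rule is driven by a playbook, the source usually comes from an alert, so it is worth validating before a deny rule reaches the firewall. The following is an added example, not part of the integration's code: `build_block_rule_args`, the protected-network list, the /24 width limit, and CIDR notation for address blocks are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy (assumptions, not values from the integration docs).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 24  # refuse automated denies wider than a /24


def build_block_rule_args(source, destination, ticket,
                          protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Validate an indicator and return arguments for cisco-asa-create-rule.

    Raises ValueError instead of returning arguments for anything that is not
    a narrow, non-protected IPv4 address or block.
    """
    try:
        # strict=True rejects blocks with host bits set, e.g. 203.0.113.5/24
        net = ipaddress.ip_network(source.strip(), strict=True)
    except ValueError as exc:
        raise ValueError(f"not an IP address or block: {source!r}") from exc
    if net.version != 4:
        raise ValueError("the source argument is documented for IPv4 only")
    if net.prefixlen < min_prefix:
        raise ValueError(f"{net} is wider than /{min_prefix}")
    for guarded in protected:
        if net.overlaps(guarded):
            raise ValueError(f"{net} overlaps protected network {guarded}")
    if not destination or any(c.isspace() for c in destination):
        raise ValueError("destination must be one address, block or object name")
    # A /32 is passed as a bare address; CIDR notation for blocks is an assumption.
    value = str(net.network_address) if net.prefixlen == 32 else str(net)
    return {
        "source": value,
        "destination": destination,
        "permit": "False",            # deny rule, as in the command example above
        "interface_type": "Global",   # required argument
        "active": "True",
        "log_level": "Informational",
        "remarks": f"auto-block {ticket}",
    }


if __name__ == "__main__":
    print(build_block_rule_args("2.2.2.2", "4.4.4.4", "INC-0001"))
```

In an automation, the returned dictionary can be passed as the arguments of `demisto.executeCommand("cisco-asa-create-rule", args)`; a raised `ValueError` should stop the playbook branch rather than fall through to rule creation.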

5. cisco-asa-delete-rule
Deletes a rule.

Base Command
cisco-asa-delete-rule

Input
Argument Name | Description | Required |
---|---|---|
rule_id | The rule ID. | Required |
interface_name | The name of the interface. | Optional |
interface_type | The interface type. Can be "In", "Out", or "Global". | Required |

Context Output
There is no context output for this command.

Command Example
!cisco-asa-delete-rule interface_type=Global rule_id=507330730

Human Readable Output
Rule 507330730 deleted successfully.

6. cisco-asa-edit-rule
Updates an existing rule.

Base Command
cisco-asa-edit-rule

Input
Argument Name | Description | Required |
---|---|---|
interface_type | The interface type. Can be "In", "Out", or "Global". | Required |
interface_name | The interface name. | Optional |
rule_id | The rule ID. | Required |
active | Whether the rule will be active. If True, the rule will be active. | Optional |
log_level | The log level of the rule. Can be "Default", "Emergencies", "Alerts", "Critical", "Errors", "Warnings", "Notifications", "Informational", or "Debugging". | Optional |
position | The position the rule will be in. | Optional |
remarks | A list of remarks for the rule. | Optional |
permit | Whether the rule is a permit. If True, the rule is a permit. | Optional |
destination | The destination. Can be an IPv4 address, an address block, or the name of a network object. | Optional |
source | The source. Can be an IPv4 address, an address block, or the name of a network object. | Optional |
service | The service of the rule. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.Rules.Source | String | The rule's source. |
CiscoASA.Rules.Dest | String | The rule's destination. |
CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
CiscoASA.Rules.Interface | String | The name of the interface. |
CiscoASA.Rules.Position | Number | The position of the rule. |
CiscoASA.Rules.ID | String | The rule ID. |
CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
CiscoASA.Rules.DestService | String | The destination service. |
CiscoASA.Rules.SourceService | String | The source service. |

Command Example
!cisco-asa-edit-rule interface_type=Global rule_id=1536327057

Context Example

Human Readable Output
Edited rule 1536327057
ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
---|---|---|---|---|---|---|---|---|---|
1536327057 | 1.1.1.1 | 4.4.4.4 | false | | Global | true | 3 | ip | |

7. cisco-asa-list-network-objects
Gets a list of all configured network objects.

Base Command
cisco-asa-list-network-objects

Input
Argument Name | Description | Required |
---|---|---|
object_name | A comma-separated list of network object names for which to get the network object. | Optional |
object_id | A comma-separated list of object IDs for which to get the network object. | Optional |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.NetworkObject.ID | String | The ID of the network object. |
CiscoASA.NetworkObject.Host | String | The host information of the network object. |
CiscoASA.NetworkObject.Description | String | A description of the network object, if one exists. |
CiscoASA.NetworkObject.Name | String | The name of the network object. |

Command Example
!cisco-asa-list-network-objects

Context Example

Human Readable Output
Network Objects
ID | Name | Host | Description |
---|---|---|---|
ASA_Demo_NObj_1190 | ASA_Demo_NObj_1190 | kind: IPv4Address value: 1.1.1.1 | |
CiscoASA | CiscoASA | kind: IPv4Address value:8.8.8.8. | Cisco ASA |

8. cisco-asa-create-network-object
Creates a network object.

Base Command
cisco-asa-create-network-object

Input
Argument Name | Description | Required |
---|---|---|
object_type | The type of network object to create. | Required |
object_name | The name of the object to create. | Required |
object_value | The value of the network object to create. | Required |

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.NetworkObject.ID | String | The ID of the network object. |
CiscoASA.NetworkObject.Host | String | The host information of the network object. |
CiscoASA.NetworkObject.Description | String | A description of the network object, if one exists. |
CiscoASA.NetworkObject.Name | String | The name of the network object. |

Command Example
!cisco-asa-create-network-object object_name="Object" object_type="IPv4" object_value="1.1.1.1" debug-mode=true

Context Example

Human Readable Output
Network Objects
ID | Name | Host | Description |
---|---|---|---|
Object | Object | kind: IPv4Address value: 1.1.1.1 |

9. cisco-asa-list-interfaces
Gets a list of all interfaces.

Base Command
cisco-asa-list-interfaces

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
CiscoASA.Interface.ID | String | The interface ID. |
CiscoASA.Interface.Name | String | The interface name. |
CiscoASA.Interface.Type | String | The interface type. Can be "In", "Out", or "Global". |

Command Example
!cisco-asa-list-interfaces

Context Example

Human Readable Output
Interfaces
Type | ID | Name |
---|---|---|
Global | -1 | |
In | GigabitEthernet0_API_SLASH_0 | INSIDE |