
Cisco ASA

Overview

Use the Cisco Adaptive Security Appliance Software integration to manage interfaces, rules, and network objects. This integration was integrated and tested with version 9.12(3) of Cisco ASA.

Configure Cisco ASA on Cortex XSOAR


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Cisco ASA.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g. https://192.168.0.1)
    • Credentials
    • Use system proxy settings
    • Trust any certificate (not secure)
    • Is ASAv
  4. Click Test to validate the URLs, token, and connection.

Commands


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. cisco-asa-list-rules
  2. cisco-asa-backup
  3. cisco-asa-get-rule-by-id
  4. cisco-asa-create-rule
  5. cisco-asa-delete-rule
  6. cisco-asa-edit-rule
  7. cisco-asa-list-network-objects
  8. cisco-asa-create-network-object
  9. cisco-asa-list-interfaces

1. cisco-asa-list-rules

Gets a list of all rules for the supplied interface.

Base Command

cisco-asa-list-rules

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| interface_name | The name of the interface from which to get rules. | Optional |
| interface_type | The interface type. Can be "In", "Out", or "Global". | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.Rules.Source | String | The rule's source. |
| CiscoASA.Rules.Dest | String | The rule's destination. |
| CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
| CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
| CiscoASA.Rules.Interface | String | The name of the interface. |
| CiscoASA.Rules.Position | Number | The position of the rule. |
| CiscoASA.Rules.ID | String | The rule ID. |
| CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
| CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
| CiscoASA.Rules.DestService | String | The destination service. |
| CiscoASA.Rules.SourceService | String | The source service. |

Command Example

!cisco-asa-list-rules interface_type="Global"

Context Example

{
    "CiscoASA.Rules": [
        {
            "SourceService": "tcp",
            "DestService": "tcp",
            "Source": "Windows10",
            "Dest": "2.2.2.2",
            "Remarks": [],
            "InterfaceType": "Global",
            "Permit": true,
            "Interface": null,
            "Position": 1,
            "ID": "924049783",
            "IsActive": true
        },
        {
            "SourceService": "ip",
            "DestService": "ip",
            "Source": "1.1.1.1",
            "Dest": "2.2.2.2",
            "Remarks": [],
            "InterfaceType": "Global",
            "Permit": false,
            "Interface": null,
            "Position": 2,
            "ID": "3156543720",
            "IsActive": true
        }
    ]
}

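Human Readable Output

Rules:

| ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 924049783 | Windows10 | 2.2.2.2 | true | | Global | true | 1 | tcp | |
| 3156543720 | 1.1.1.1 | 2.2.2.2 | false | | Global | true | 2 | ip | |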

2. cisco-asa-backup


Creates a backup of the current settings (i.e., the backup.cfg file).

Base Command

cisco-asa-backup

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| backup_name | The name of the backup. | Required |
| passphrase | Passphrase for backup. | Optional |

Context Output

There is no context output for this command.

Command Example

Human Readable Output

3. cisco-asa-get-rule-by-id


Gets a specific rule by rule ID.

Base Command

cisco-asa-get-rule-by-id

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_id | The rule ID. | Required |
| interface_name | The name of the interface. | Optional |
| interface_type | The interface type. Can be "In", "Out", or "Global". | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.Rules.Interface | String | The name of the interface. |
| CiscoASA.Rules.Source | String | The rule's source. |
| CiscoASA.Rules.Dest | String | The rule's destination. |
| CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
| CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
| CiscoASA.Rules.Position | Number | The position of the rule. |
| CiscoASA.Rules.ID | String | The rule ID. |
| CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
| CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
| CiscoASA.Rules.DestService | String | The destination service. |
| CiscoASA.Rules.SourceService | String | The source service. |

Command Example

!cisco-asa-get-rule-by-id rule_id=3156543720 interface_type=Global

Context Example

{
    "CiscoASA.Rules": [
        {
            "Dest": "2.2.2.2",
            "DestService": "ip",
            "ID": "3156543720",
            "Interface": "",
            "InterfaceType": "Global",
            "IsActive": true,
            "Permit": false,
            "Position": 2,
            "Remarks": [],
            "Source": "1.1.1.1",
            "SourceService": "ip"
        }
    ]
}

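Human Readable Output

Rule 3156543720:

| ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 3156543720 | 1.1.1.1 | 2.2.2.2 | false | | Global | true | 2 | ip | |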

4. cisco-asa-create-rule


Creates a rule.

Base Command

cisco-asa-create-rule

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| source | The source. Can be the value of an IPv4, an address block, or the name of a network object. | Required |
| destination | The destination. Can be the value of an IPv4, an address block, or the name of a network object. | Required |
| permit | Whether the rule is a permit. If True, the rule is a permit. | Required |
| remarks | A list of remarks for the rule. | Optional |
| position | The position in which to create the rule. | Optional |
| log_level | The log level of the rule. Can be "Default", "Emergencies", "Alerts", "Critical", "Errors", "Warnings", "Notifications", "Informational", or "Debugging". | Optional |
| active | Whether the rule will be active. If True, the rule will be active. | Optional |
| interface_type | The interface type. Can be "In", "Out", or "Global". | Required |
| interface_name | The interface name. | Optional |
| service | The service of the rule. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.Rules.Source | String | The rule's source. |
| CiscoASA.Rules.Dest | String | The rule's destination. |
| CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
| CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
| CiscoASA.Rules.Interface | String | The name of the interface. |
| CiscoASA.Rules.Position | Number | The position of the rule. |
| CiscoASA.Rules.ID | String | The rule ID. |
| CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
| CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
| CiscoASA.Rules.DestService | String | The destination service. |
| CiscoASA.Rules.SourceService | String | The source service. |

Command Example

!cisco-asa-create-rule destination=4.4.4.4 interface_type=Global permit=False source=2.2.2.2

Context Example

{
    "CiscoASA.Rules": [
        {
            "Dest": "4.4.4.4",
            "DestService": "ip",
            "ID": "507330730",
            "Interface": "",
            "InterfaceType": "Global",
            "IsActive": true,
            "Permit": false,
            "Position": 4,
            "Remarks": [],
            "Source": "2.2.2.2",
            "SourceService": "ip"
        }
    ]
}

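Human Readable Output

Created new rule. ID: 507330730

| ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 507330730 | 2.2.2.2 | 4.4.4.4 | false | | Global | true | 4 | ip | |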
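
ASA evaluates access rules in order and the first match wins, so a deny rule created below a broader permit has no effect. The following added example (not part of the integration or the original page) evaluates CiscoASA.Rules in Position order, resolving network object names through CiscoASA.NetworkObject, to choose the position argument for cisco-asa-create-rule. The sample data is constructed, plan_deny and its helpers are hypothetical names, the service fields are ignored, and it is an assumption that a rule created at position N is evaluated before the rule currently at N.

```python
import ipaddress

# Constructed sample data, shaped like the CiscoASA.Rules and
# CiscoASA.NetworkObject context examples on this page.
RULES = [
    {"ID": "924049783", "Source": "Windows10", "Dest": "2.2.2.2",
     "Permit": True, "Position": 1, "IsActive": True},
    {"ID": "3156543720", "Source": "1.1.1.1", "Dest": "2.2.2.2",
     "Permit": False, "Position": 2, "IsActive": True},
]
OBJECTS = [{"Name": "Windows10",
            "Host": {"kind": "IPv4Address", "value": "10.0.0.5"}}]


def to_network(value, objects):
    """Resolve Source/Dest: IPv4, address block, or network object name."""
    for obj in objects:
        if obj.get("Name") == value:
            value = obj["Host"]["value"]
            break
    try:
        # strip() tolerates padded values such as " 1.1.1.1"
        return ipaddress.ip_network(value.strip(), strict=False)
    except ValueError:
        return None  # a name with no matching object cannot be evaluated


def first_match(rules, objects, src_ip, dst_ip):
    """Return (first active rule matching the flow or None, unresolved IDs)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    unresolved = []
    for rule in sorted(rules, key=lambda r: r["Position"]):
        if not rule.get("IsActive", True):
            continue
        nets = [to_network(rule[k], objects) for k in ("Source", "Dest")]
        if None in nets:
            unresolved.append(rule["ID"])  # verdict is uncertain past here
        elif src in nets[0] and dst in nets[1]:
            return rule, unresolved
    return None, unresolved


def plan_deny(rules, objects, src_ip, dst_ip):
    """Decide how to block src -> dst: (action, position or None)."""
    rule, _ = first_match(rules, objects, src_ip, dst_ip)
    if rule is None:
        return ("append", None)          # nothing matches: any position works
    if not rule["Permit"]:
        return ("already_denied", None)  # an earlier deny already wins
    return ("insert_at", rule["Position"])  # must precede the permit
```

A non-empty unresolved list from first_match means an earlier rule could not be evaluated offline, so the verdict should be confirmed against the device before relying on it.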

5. cisco-asa-delete-rule


Deletes a rule.

Base Command

cisco-asa-delete-rule

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| rule_id | The rule ID. | Required |
| interface_name | The name of the interface. | Optional |
| interface_type | The interface type. Can be "In", "Out", or "Global". | Required |

Context Output

There is no context output for this command.

Command Example

!cisco-asa-delete-rule interface_type=Global rule_id=507330730

Human Readable Output

Rule 507330730 deleted successfully.

6. cisco-asa-edit-rule


Updates an existing rule.

Base Command

cisco-asa-edit-rule

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| interface_type | The interface type. Can be "In", "Out", or "Global". | Required |
| interface_name | The interface name. | Optional |
| rule_id | The rule ID. | Required |
| active | Whether the rule will be active. If True, the rule will be active. | Optional |
| log_level | The log level of the rule. Can be "Default", "Emergencies", "Alerts", "Critical", "Errors", "Warnings", "Notifications", "Informational", or "Debugging". | Optional |
| position | The position the rule will be in. | Optional |
| remarks | A list of remarks for the rule. | Optional |
| permit | Whether the rule is a permit. If True, the rule is a permit. | Optional |
| destination | The destination. Can be the value of an IPv4, an address block, or the name of a network object. | Optional |
| source | The source. Can be the value of an IPv4, an address block, or the name of a network object. | Optional |
| service | The service of the rule. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.Rules.Source | String | The rule's source. |
| CiscoASA.Rules.Dest | String | The rule's destination. |
| CiscoASA.Rules.InterfaceType | String | The interface type. Can be "In", "Out", or "Global". |
| CiscoASA.Rules.IsActive | Boolean | Whether the rule is active. |
| CiscoASA.Rules.Interface | String | The name of the interface. |
| CiscoASA.Rules.Position | Number | The position of the rule. |
| CiscoASA.Rules.ID | String | The rule ID. |
| CiscoASA.Rules.Remarks | Unknown | A list of all rule remarks. |
| CiscoASA.Rules.Permit | Boolean | Whether the rule permits traffic from source to destination. |
| CiscoASA.Rules.DestService | String | The destination service. |
| CiscoASA.Rules.SourceService | String | The source service. |

Command Example

!cisco-asa-edit-rule interface_type=Global rule_id=1536327057

Context Example

{
    "CiscoASA.Rules": [
        {
            "Dest": "4.4.4.4",
            "DestService": "ip",
            "ID": "1536327057",
            "Interface": "",
            "InterfaceType": "Global",
            "IsActive": true,
            "Permit": false,
            "Position": 3,
            "Remarks": [
                "Wow"
            ],
            "Source": " 1.1.1.1",
            "SourceService": "ip"
        }
    ]
}

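Human Readable Output

Edited rule 1536327057

| ID | Source | Dest | Permit | Interface | InterfaceType | IsActive | Position | SourceService | destService |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1536327057 | 1.1.1.1 | 4.4.4.4 | false | | Global | true | 3 | ip | |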

7. cisco-asa-list-network-objects

Gets a list of all configured network objects.

Base Command

cisco-asa-list-network-objects

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| object_name | A comma-separated list of network object names for which to get the network object. | Optional |
| object_id | A comma-separated list of object IDs for which to get the network object. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.NetworkObject.ID | String | The ID of the network object. |
| CiscoASA.NetworkObject.Host | String | The host information of the network object. |
| CiscoASA.NetworkObject.Description | String | A description of the network object, if one exists. |
| CiscoASA.NetworkObject.Name | String | The name of the network object. |

Command Example

!cisco-asa-list-network-objects

Context Example

{
    "CiscoASA.NetworkObject(val.ID == obj.ID)": [
        {
            "Host": {
                "kind": "IPv4Address",
                "value": "1.1.1.1"
            },
            "ID": "ASA_Demo_NObj_1190",
            "Name": "ASA_Demo_NObj_1190"
        },
        {
            "Description": "Cisco ASA",
            "Host": {
                "kind": "IPv4Address",
                "value": "8.8.8.8"
            },
            "ID": "CiscoASA",
            "Name": "CiscoASA"
        }
    ]
}

Human Readable Output

Network Objects

| ID | Name | Host | Description |
| --- | --- | --- | --- |
| ASA_Demo_NObj_1190 | ASA_Demo_NObj_1190 | kind: IPv4Address, value: 1.1.1.1 | |
| CiscoASA | CiscoASA | kind: IPv4Address, value: 8.8.8.8 | Cisco ASA |

8. cisco-asa-create-network-object

Creates a network object.

Base Command

cisco-asa-create-network-object

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| object_type | The type of network object to create. | Required |
| object_name | The name of the object to create. | Required |
| object_value | The value of the network object to create. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.NetworkObject.ID | String | The ID of the network object. |
| CiscoASA.NetworkObject.Host | String | The host information of the network object. |
| CiscoASA.NetworkObject.Description | String | A description of the network object, if one exists. |
| CiscoASA.NetworkObject.Name | String | The name of the network object. |

Command Example

!cisco-asa-create-network-object object_name="Object" object_type="IPv4" object_value="1.1.1.1" debug-mode=true

Context Example

{
    "CiscoASA.NetworkObject": [
        {
            "Host": {
                "kind": "IPv4Address",
                "value": "1.1.1.1"
            },
            "ID": "Object",
            "Name": "Object"
        }
    ]
}

Human Readable Output

Network Objects

| ID | Name | Host | Description |
| --- | --- | --- | --- |
| Object | Object | kind: IPv4Address, value: 1.1.1.1 | |

9. cisco-asa-list-interfaces


Gets a list of all interfaces.

Base Command

cisco-asa-list-interfaces

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CiscoASA.Interface.ID | String | The interface ID. |
| CiscoASA.Interface.Name | String | The interface name. |
| CiscoASA.Interface.Type | String | The interface type. Can be "In", "Out", or "Global". |

Command Example

!cisco-asa-list-interfaces

Context Example

{
    "CiscoASA.Interface": [
        {
            "ID": "-1",
            "Name": null,
            "Type": "Global"
        },
        {
            "ID": "GigabitEthernet0_API_SLASH_0",
            "Name": "INSIDE",
            "Type": "In"
        }
    ]
}

Human Readable Output

Interfaces

| Type | ID | Name |
| --- | --- | --- |
| Global | -1 | |
| In | GigabitEthernet0_API_SLASH_0 | INSIDE |