Cisco Firepower
This Integration is part of the CiscoFirepower Pack.#
Overview#
Use the Cisco Firepower integration for unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.
Supports FMC 6.2.3 and above
Authentication from a REST API Client Cisco recommends that you use different accounts for interfacing with the API and the Firepower User Interface. Credentials cannot be used for both interfaces simultaneously, and will be logged out without warning if used for both.
Configure Cisco Firepower on Cortex XSOAR#
- Navigate to Settings > Integrations > Servers & Services.
- Search for Cisco Firepower.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g., https://192.168.0.1)
- Username
- Password
- Trust any certificate (not secure)
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- ciscofp-list-zones
- ciscofp-list-ports
- ciscofp-list-url-categories
- ciscofp-get-network-object
- ciscofp-create-network-object
- ciscofp-update-network-object
- ciscofp-get-network-groups-object
- ciscofp-create-network-groups-objects
- ciscofp-update-network-groups-objects
- ciscofp-delete-network-groups-objects
- ciscofp-get-host-object
- ciscofp-create-host-object
- ciscofp-update-host-object
- ciscofp-delete-network-object
- ciscofp-delete-host-object
- ciscofp-get-access-policy
- ciscofp-create-access-policy
- ciscofp-update-access-policy
- ciscofp-delete-access-policy
- ciscofp-list-security-group-tags
- ciscofp-list-ise-security-group-tag
- ciscofp-list-vlan-tags
- ciscofp-list-vlan-tags-group
- ciscofp-list-applications
- ciscofp-get-access-rules
- ciscofp-create-access-rules
- ciscofp-update-access-rules
- ciscofp-delete-access-rules
- ciscofp-list-policy-assignments
- ciscofp-create-policy-assignments
- ciscofp-update-policy-assignments
- ciscofp-get-deployable-devices
- ciscofp-get-device-records
- ciscofp-deploy-to-devices
- ciscofp-get-task-status
1. ciscofp-list-zones#
Retrieves a list of all security zone objects.
Base Command#
ciscofp-list-zones
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Zone.ID | String | Zone ID. |
| CiscoFP.Zone.Name | String | Zone name. |
| CiscoFP.Zone.InterfaceMode | String | Zone interface mode. |
| CiscoFP.Zone.Interfaces.Name | String | Name of interfaces belonging to the security zone. |
| CiscoFP.Zone.Interfaces.ID | String | ID of interfaces belonging to the security zone. |
Command Example#
!ciscofp-list-zones
Context Example#
Human Readable Output#
Cisco Firepower - List zones:#
| ID | Name | InterfaceMode | Interfaces |
|---|---|---|---|
| e5156ab2-c736-11e8-bacb-8d7a1cfa386e | Trust | ROUTED | 1 |
| 001e2d12-c737-11e8-bacb-8d7a1cfa386e | Untrust | ROUTED | 1 |
| 5884acce-ffdf-11e9-8a1b-81dfc51749cb | L3-Trust | ROUTED | 1 |
| 6038978c-ffdf-11e9-8a1b-81dfc51749cb | L3-Untrust | ROUTED | 1 |
| 62c3f83a-305d-11ea-9d47-eda81976c864 | arseny_zone | INLINE | 0 |
2. ciscofp-list-ports#
Retrieves list of all port objects.
Base Command#
ciscofp-list-ports
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Port.ID | String | Port ID. |
| CiscoFP.Port.Name | String | Port name. |
| CiscoFP.Port.Protocol | String | Port protocol. |
| CiscoFP.Port.Port | String | Port number. |
Command Example#
!ciscofp-list-ports
Context Example#
Human Readable Output#
Cisco Firepower - List ports:#
| ID | Name | Protocol | Port |
|---|---|---|---|
| 1834d812-38bb-11e2-86aa-62f0c593a59a | AOL | TCP | 5190 |
| 1834e5f0-38bb-11e2-86aa-62f0c593a59a | Bittorrent | TCP | 6881-6889 |
| 1834e712-38bb-11e2-86aa-62f0c593a59a | DNS_over_TCP | TCP | 53 |
| 1834e8ca-38bb-11e2-86aa-62f0c593a59a | DNS_over_UDP | UDP | 53 |
| 1834c674-38bb-11e2-86aa-62f0c593a59a | FTP | TCP | 21 |
| 18312adc-38bb-11e2-86aa-62f0c593a59a | HTTP | TCP | 80 |
| 1834bd00-38bb-11e2-86aa-62f0c593a59a | HTTPS | TCP | 443 |
| 1834c37c-38bb-11e2-86aa-62f0c593a59a | IMAP | TCP | 143 |
| 1834d01a-38bb-11e2-86aa-62f0c593a59a | LDAP | TCP | 389 |
| 1834c9c6-38bb-11e2-86aa-62f0c593a59a | NFSD-TCP | TCP | 2049 |
| 1834caac-38bb-11e2-86aa-62f0c593a59a | NFSD-UDP | UDP | 2049 |
| 1834cb92-38bb-11e2-86aa-62f0c593a59a | NTP-TCP | TCP | 123 |
| 1834cc96-38bb-11e2-86aa-62f0c593a59a | NTP-UDP | UDP | 123 |
| 1834c462-38bb-11e2-86aa-62f0c593a59a | POP-2 | TCP | 109 |
| 1834c548-38bb-11e2-86aa-62f0c593a59a | POP-3 | TCP | 110 |
| 000C29A8-BA3B-0ed3-0000-034359739875 | quic | UDP | 443 |
| 000C29A8-BA3B-0ed3-0000-034359739893 | quic80 | UDP | 80 |
| 1834ce94-38bb-11e2-86aa-62f0c593a59a | RADIUS | UDP | 1645 |
| 1834d114-38bb-11e2-86aa-62f0c593a59a | RIP | UDP | 520 |
| 1834d204-38bb-11e2-86aa-62f0c593a59a | SIP | UDP | 5060 |
| 1834bf44-38bb-11e2-86aa-62f0c593a59a | SMTP | TCP | 25 |
| 1834c07a-38bb-11e2-86aa-62f0c593a59a | SMTPS | TCP | 465 |
| 1834c264-38bb-11e2-86aa-62f0c593a59a | SNMP | UDP | 161 |
| 1834c890-38bb-11e2-86aa-62f0c593a59a | SSH | TCP | 22 |
| 1834d6e6-38bb-11e2-86aa-62f0c593a59a | SYSLOG | UDP | 514 |
| 1834e50a-38bb-11e2-86aa-62f0c593a59a | TCP_high_ports | TCP | 1021-65535 |
| 28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee | TELNET | TCP | 23 |
| 1834d5e2-38bb-11e2-86aa-62f0c593a59a | TFTP | UDP | 69 |
| 1834da1a-38bb-11e2-86aa-62f0c593a59a | Yahoo_Messenger_Messages | TCP | 5050 |
| 1834db96-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_TCP | TCP | 5000-5001 |
| 1834dc86-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_UDP | UDP | 5000-5010 |
3. ciscofp-list-url-categories#
Retrieves a list of all URL category objects.
Base Command#
ciscofp-list-url-categories
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Category.ID | String | ID of the category. |
| CiscoFP.Category.Name | String | Name of the category. |
Command Example#
!ciscofp-list-url-categories
Context Example#
Human Readable Output#
Cisco Firepower - List url categories:#
| ID | Name |
|---|---|
| abba9b63-bb10-4729-b901-2e2aa0f02054 | Pornography |
| abba9b63-bb10-4729-b901-2e2aa0f02042 | Spiritual Healing |
| abba9b63-bb10-4729-b901-2e2aa0f02033 | Tasteless or Obscene |
| abba9b63-bb10-4729-b901-2e2aa0f02005 | Shopping |
| abba9b63-bb10-4729-b901-2e2aa0f02016 | Hate Speech |
| abba9b63-bb10-4729-b901-2e2aa0f02082 | Digital Postcards |
| abba9b63-bb10-4729-b901-2e2aa0f02028 | Online Trading |
| abba9b63-bb10-4729-b901-2e2aa0f02034 | Lotteries |
| abba9b63-bb10-4729-b901-2e2aa0f02071 | File Transfer Services |
| abba9b63-bb10-4729-b901-2e2aa0f02043 | Tattoos |
| abba9b63-bb10-4729-b901-2e2aa0f02029 | Paranormal and Occult |
| abba9b63-bb10-4729-b901-2e2aa0f02064 | Child Abuse Content |
| abba9b63-bb10-4729-b901-2e2aa0f02007 | Games |
| abba9b63-bb10-4729-b901-2e2aa0f02037 | Web Hosting |
| abba9b63-bb10-4729-b901-2e2aa0f02013 | Nature |
| abba9b63-bb10-4729-b901-2e2aa0f02066 | Online Storage and Backup |
| abba9b63-bb10-4729-b901-2e2aa0f02070 | Mobile Phones |
| abba9b63-bb10-4729-b901-2e2aa0f02012 | Science and Technology |
| abba9b63-bb10-4729-b901-2e2aa0f02022 | Illegal Activities |
| abba9b63-bb10-4729-b901-2e2aa0f02080 | SaaS and B2B |
| abba9b63-bb10-4729-b901-2e2aa0f02092 | Parked Domains |
| abba9b63-bb10-4729-b901-2e2aa0f02008 | Sports and Recreation |
| abba9b63-bb10-4729-b901-2e2aa0f02001 | Education |
| abba9b63-bb10-4729-b901-2e2aa0f02024 | Online Communities |
| abba9b63-bb10-4729-b901-2e2aa0f02096 | Test Category 3 |
| abba9b63-bb10-4729-b901-2e2aa0f02031 | Lingerie and Swimsuits |
| abba9b63-bb10-4729-b901-2e2aa0f02051 | Cheating and Plagiarism |
| abba9b63-bb10-4729-b901-2e2aa0f02050 | Hacking |
| abba9b63-bb10-4729-b901-2e2aa0f02017 | Reference |
| abba9b63-bb10-4729-b901-2e2aa0f02076 | Fashion |
| abba9b63-bb10-4729-b901-2e2aa0f02025 | Filter Avoidance |
| abba9b63-bb10-4729-b901-2e2aa0f02083 | Politics |
| abba9b63-bb10-4729-b901-2e2aa0f02067 | Internet Telephony |
| abba9b63-bb10-4729-b901-2e2aa0f02097 | DIY Projects |
| abba9b63-bb10-4729-b901-2e2aa0f02093 | Entertainment |
| abba9b63-bb10-4729-b901-2e2aa0f02077 | Alcohol |
| abba9b63-bb10-4729-b901-2e2aa0f02039 | Instant Messaging |
| abba9b63-bb10-4729-b901-2e2aa0f02036 | Weapons |
| abba9b63-bb10-4729-b901-2e2aa0f02075 | Extreme |
| abba9b63-bb10-4729-b901-2e2aa0f02009 | Health and Nutrition |
| abba9b63-bb10-4729-b901-2e2aa0f02015 | Finance |
| abba9b63-bb10-4729-b901-2e2aa0f02074 | Astrology |
| abba9b63-bb10-4729-b901-2e2aa0f02081 | Personal Sites |
| abba9b63-bb10-4729-b901-2e2aa0f02073 | Streaming Audio |
| abba9b63-bb10-4729-b901-2e2aa0f02084 | Illegal Downloads |
| abba9b63-bb10-4729-b901-2e2aa0f02006 | Adult |
| abba9b63-bb10-4729-b901-2e2aa0f02061 | Dining and Drinking |
| abba9b63-bb10-4729-b901-2e2aa0f02026 | Streaming Media |
| abba9b63-bb10-4729-b901-2e2aa0f02085 | Organizational Email |
| abba9b63-bb10-4729-b901-2e2aa0f02020 | Search Engines and Portals |
4. ciscofp-get-network-object#
Retrieves the network objects associated with the specified ID. If not supplied, retrieves a list of all network objects.
Base Command#
ciscofp-get-network-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| object_id | Object ID. | Optional |
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of network object |
| CiscoFP.Network.Name | String | Name of network object |
| CiscoFP.Network.Value | String | CIDR |
| CiscoFP.Network.Overrideable | String | Boolean indicating whether object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example#
!ciscofp-get-network-object
Context Example#
Human Readable Output#
Cisco Firepower - List network objects:#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053261 | 0 | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053289 | 1 | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053308 | 2 | 1.0.0.0/24 | false | |
| cb7116e8-66a6-480b-8f9b-295191a0940a | any-ipv4 | 0.0.0.0/0 | false | |
| 000C29A8-BA3B-0ed3-0000-124554061004 | demo1 | 10.0.0.0/10 | false | |
| 000C29A8-BA3B-0ed3-0000-030064772538 | Internal-LAN-Network | 192.168.1.0/24 | false | |
| 86caab8a-9bdd-420d-858b-5690fde8ce58 | IPv4-Benchmark-Tests | 198.18.0.0/15 | false | |
| f0ce41ae-6ee9-4e00-8762-da9370c4fee5 | IPv4-Link-Local | 169.254.0.0/16 | false | |
| 5622db1c-5cd5-4199-a4c8-d8f86dec3bd4 | IPv4-Multicast | 224.0.0.0/4 | false | |
| 95916354-5aa1-4057-8eea-b42a5a207abc | IPv4-Private-10.0.0.0-8 | 10.0.0.0/8 | false | |
| b7a78a7d-20c5-47b2-b02f-86b4360112ac | IPv4-Private-172.16.0.0-12 | 172.16.0.0/12 | false | |
| 1dcefdd8-07f7-438a-9221-97d63710614e | IPv4-Private-192.168.0.0-16 | 192.168.0.0/16 | false | |
| 1047b91f-db3a-45b8-9c10-f48ed3f0c3d6 | IPv6-IPv4-Mapped | ::ffff:0.0.0.0/96 | false | |
| 192c14f2-39d9-409d-81e9-357793bdf1ec | IPv6-Link-Local | fe80::/10 | false | |
| 0434674f-87f8-4e17-810e-97100407858b | IPv6-Private-Unique-Local-Addresses | fc00::/7 | false | |
| 04ea3f1f-f5a9-4eca-b051-487ebeb4c97f | IPv6-to-IPv4-Relay-Anycast | 192.88.99.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053215 | n5n | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053196 | nn | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-124554053177 | nnkn | 1.0.0.0/24 | false | jjj |
| 000C29A8-BA3B-0ed3-0000-124554053149 | nnn | 1.0.0.0/24 | false | |
| 000C29A8-BA3B-0ed3-0000-133143990065 | playbookTest | 10.0.0.0/22 | false | my |
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
| 000C29A8-BA3B-0ed3-0000-124554056653 | rrr | 10.0.0.0/22 | false |
5. ciscofp-create-network-object#
Creates a network object.
Base Command#
ciscofp-create-network-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new object. | Required |
| value | CIDR | Required |
| description | The object description. | Optional |
| overridable | Boolean indicating whether objects can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of network object. |
| CiscoFP.Network.Name | String | Name of network object. |
| CiscoFP.Network.Value | String | CIDR. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example#
!ciscofp-create-network-object name=newTest232 value=10.0.0.0/22 description=test overridable=false
Context Example#
Human Readable Output#
Cisco Firepower - network object has been created.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990579 | newTest232 | 10.0.0.0/22 | false | test |
6. ciscofp-update-network-object#
Updates the specified network object.
Base Command#
ciscofp-update-network-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to update. | Required |
| name | The object name. | Required |
| value | CIDR | Required |
| description | The object description. | Optional |
| overridable | Boolean indicating whether the object can be overridden. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of the network object. |
| CiscoFP.Network.Name | String | Name of the network object. |
| CiscoFP.Network.Value | String | CIDR. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example#
!ciscofp-update-network-object id=000C29A8-BA3B-0ed3-0000-124554053327 name=playbookTestUpdate value=10.0.0.0/23 description=my playbook test overridable=true
Context Example#
Human Readable Output#
Cisco Firepower - network object has been updated.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
7. ciscofp-get-network-groups-object#
Retrieves the groups of network objects and addresses associated with the specified ID. If not supplied, retrieves a list of all network objects.
Base Command#
ciscofp-get-network-groups-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object group for which to return groups and addresses. | Optional |
| limit | The number of items to return. The default is 50. | Optional |
| offset | Index of the first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address / CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example#
!ciscofp-get-network-groups-object
Context Example#
Human Readable Output#
Cisco Firepower - List of network groups object:#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 69fa2a3a-4487-4e3c-816f-4098f684826e | any | false | 2 | 0 | |
| 000C29A8-BA3B-0ed3-0000-124554052162 | arseny_group | false | 0 | 3 | |
| 000C29A8-BA3B-0ed3-0000-124554053470 | ee | false | 2 | 0 | |
| 000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 | |
| 15b12b14-dace-4117-b9d9-a9a7dcfa356f | IPv4-Private-All-RFC1918 | false | 3 | 0 |
8. ciscofp-create-network-groups-objects#
Creates a group of network objects.
Base Command#
ciscofp-create-network-groups-objects
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | The group name. | Required |
| network_objects_id_list | A comma-separated list of object IDs to add to the group. | Optional |
| network_address_list | A comma-separated list of IP addresses or CIDR ranges to add the group. | Optional |
| description | The object description. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether the object can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example#
!ciscofp-create-network-groups-objects name=playbookTest3 network_address_list=8.8.8.8,4.4.4.4 description=my playbook test overridable=true
Context Example#
Human Readable Output#
Cisco Firepower - network group has been created.#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990785 | playbookTest3 | true | my | 2 | 0 |
9. ciscofp-update-network-groups-objects#
Updates a group of network objects.
Base Command#
ciscofp-update-network-groups-objects
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | The ID of the group to update. | Required |
| network_objects_id_list | A comma-separated list of object IDs to add the group. | Optional |
| network_address_list | A comma-separated list of IP addresses or CIDR ranges to add the group. | Optional |
| description | The new description for the object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
| name | The group name. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether objects can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name. |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example#
!ciscofp-update-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053470 network_address_list=1.2.3.4,1.2.3.5 description=my playbook test overridable=true name=rrrff
Context Example#
Human Readable Output#
Cisco Firepower - network group has been updated.#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053470 | rrrff | true | my | 2 | 0 |
10. ciscofp-delete-network-groups-objects#
Deletes a group of network objects.
Base Command#
ciscofp-delete-network-groups-objects
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to delete. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.NetworkGroups.ID | String | The group ID. |
| CiscoFP.NetworkGroups.Name | String | The group name. |
| CiscoFP.NetworkGroups.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.NetworkGroups.Description | String | The group description. |
| CiscoFP.NetworkGroups.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.NetworkGroups.Addresses.Type | String | The address type. |
| CiscoFP.NetworkGroups.Objects.Name | String | The object name |
| CiscoFP.NetworkGroups.Objects.ID | String | The object ID. |
| CiscoFP.NetworkGroups.Objects.Type | String | The object type. |
Command Example#
!ciscofp-delete-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053489
Context Example#
Human Readable Output#
Cisco Firepower - network group - 000C29A8-BA3B-0ed3-0000-124554053489 - has been delete.#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 |
11. ciscofp-get-host-object#
Retrieves the groups of host objects associated with the specified ID. If no ID is passed, the input ID retrieves a list of all network objects.
Base Command#
ciscofp-get-host-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| object_id | ID of the object for which to retrieve host objects. | Optional |
| limit | Number of items to return. The default is 50 | Optional |
| offset | Index of the first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | A description of the host object. |
Command Example#
!ciscofp-get-host-object
Context Example#
Human Readable Output#
Cisco Firepower - List host objects:#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| dde11d62-288b-4b4c-92e0-1dad0496f14b | any-ipv6 | ::/0 | false | |
| 000C29A8-BA3B-0ed3-0000-133143990104 | playbookTest2 | 1.2.3.4 | false | my |
| 000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
| 000C29A8-BA3B-0ed3-0000-103079216589 | SyslogServer | 10.8.51.161 | false |
12. ciscofp-create-host-object#
Creates a host object.
Base Command#
ciscofp-create-host-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new object. | Required |
| value | The IP address. | Required |
| description | A description of the new object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example#
!ciscofp-create-host-object name=newTest322 value=1.2.3.4 description=test overridable=false
Context Example#
Human Readable Output#
Cisco Firepower - host object has been created.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
13. ciscofp-update-host-object#
Updates the specified host object.
Base Command#
ciscofp-update-host-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to update. | Required |
| name | Name of the object. | Required |
| value | The IP address. | Required |
| description | Description of the object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Can be "true" or "false". The default is "false". | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | The IP address. |
| CiscoFP.Host.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example#
!ciscofp-update-host-object id=000C29A8-BA3B-0ed3-0000-124554052144 name=playbookTestUpdate2 value=1.2.3.5 description=my playbook test overridable=true
Context Example#
Human Readable Output#
Cisco Firepower - host object has been updated.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
14. ciscofp-delete-network-object#
Deletes the specified network object.
Base Command#
ciscofp-delete-network-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the object to delete. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Network.ID | String | ID of the network object. |
| CiscoFP.Network.Name | String | Name of the network object. |
| CiscoFP.Network.Value | String | CISR range. |
| CiscoFP.Network.Overridable | String | Boolean indicating whether object values can be overridden. |
| CiscoFP.Network.Description | String | Description of the network object. |
Command Example#
!ciscofp-delete-network-object id=000C29A8-BA3B-0ed3-0000-124554053327
Context Example#
Human Readable Output#
Cisco Firepower - network object has been deleted.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
15. ciscofp-delete-host-object#
Deletes the specified host object.
Base Command#
ciscofp-delete-host-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the host object to delete. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Host.ID | String | ID of the host object. |
| CiscoFP.Host.Name | String | Name of the host object. |
| CiscoFP.Host.Value | String | CIDR range. |
| CiscoFP.Host.Overridable | String | Whether the object can be overridden. |
| CiscoFP.Host.Description | String | Description of the host object. |
Command Example#
!ciscofp-delete-host-object id=000C29A8-BA3B-0ed3-0000-133143990598
Context Example#
Human Readable Output#
Cisco Firepower - host object has been deleted.#
| ID | Name | Value | Overridable | Description |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
16. ciscofp-get-access-policy#
Retrieves the access control policy associated with the specified ID. If no access policy ID is passed, all access control policies are returned.
Base Command#
ciscofp-get-access-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the access policy. | Optional |
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example#
!ciscofp-get-access-policy
Context Example#
Human Readable Output#
Cisco Firepower - List access policy:#
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | 000C29A8-BA3B-0ed3-0000-000268444674 |
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-000268440576 |
| 000C29A8-BA3B-0ed3-0000-133143990165 | playbookTest4 | 000C29A8-BA3B-0ed3-0000-000268444676 |
| 000C29A8-BA3B-0ed3-0000-124554066053 | to test | 000C29A8-BA3B-0ed3-0000-000268443677 |
17. ciscofp-create-access-policy#
Creates an access control policy.
Base Command#
ciscofp-create-access-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | The name of the new access policy. | Required |
| action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example#
!ciscofp-create-access-policy name=newTest232 action=BLOCK
Context Example#
Human Readable Output#
Cisco Firepower - access policy has been created.#
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990627 | newTest232 |
18. ciscofp-update-access-policy#
Updates the specified access control policy.
Base Command#
ciscofp-update-access-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| name | The access policy name. | Required |
| id | ID of the access policy. | Required |
| default_action_id | ID of the default action. | Required |
| action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example#
!ciscofp-update-access-policy action=BLOCK default_action_id=000C29A8-BA3B-0ed3-0000-000268444682 name=jj id=000C29A8-BA3B-0ed3-0000-133143991123
Context Example#
Human Readable Output#
Cisco Firepower - access policy has been updated.#
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143991123 | jj | 000C29A8-BA3B-0ed3-0000-000268444682 |
19. ciscofp-delete-access-policy#
Deletes the specified access control policy.
Base Command#
ciscofp-delete-access-policy
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the access policy. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Policy.ID | String | The policy ID. |
| CiscoFP.Policy.Name | String | The name of the policy. |
| CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
Command Example#
!ciscofp-delete-access-policy id=000C29A8-BA3B-0ed3-0000-133143990869
Context Example#
Human Readable Output#
Cisco Firepower - access policy deleted.#
| ID | Name | DefaultActionID |
|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143990869 | 000C29A8-BA3B-0ed3-0000-000268444680 |
20. ciscofp-list-security-group-tags#
Retrieves a list of all custom security group tag objects.
Base Command#
ciscofp-list-security-group-tags
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50 | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.SecurityGroupTags.ID | String | ID of security group tag. |
| CiscoFP.SecurityGroupTags.Name | String | Name of security group tag. |
| CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
Command Example#
!ciscofp-list-security-group-tags
Context Example#
Human Readable Output#
Cisco Firepower - List security group tags:#
| ID | Name | Tag |
|---|---|---|
| 8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
| 5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
21. ciscofp-list-ise-security-group-tag#
Retrieves a list of all ISE security group tag objects.
Base Command#
ciscofp-list-ise-security-group-tag
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.SecurityGroupTags.ID | String | ID of security group tag. |
| CiscoFP.SecurityGroupTags.Name | String | Name of security group tag. |
| CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
Command Example#
!ciscofp-list-ise-security-group-tag
Context Example#
Human Readable Output#
Cisco Firepower - List ise security group tags:#
| ID | Name | Tag |
|---|---|---|
| 8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
| 5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
22. ciscofp-list-vlan-tags#
Retrieves a list of all vlantag objects.
Base Command#
ciscofp-list-vlan-tags
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.VlanTags.ID | String | ID of the vlan tag. |
| CiscoFP.VlanTags.Name | String | Name of the vlan tag. |
| CiscoFP.VlanTags.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTags.Description | String | Description of the vlan tag. |
| CiscoFP.VlanTags.StartTag | Number | Start tag number. |
| CiscoFP.VlanTags.EndTag | Number | End tag number. |
Command Example#
!ciscofp-list-vlan-tags
Context Example#
Human Readable Output#
Cisco Firepower - List vlan tags:#
| ID | Name | Overridable | Description | StartTag | EndTag |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554052529 | aaaa | false | 2013 | 2013 |
23. ciscofp-list-vlan-tags-group#
Retrieves a list of all vlan group tag objects.
Base Command#
ciscofp-list-vlan-tags-group
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.VlanTagsGroup.Name | String | Name of the group. |
| CiscoFP.VlanTagsGroup.ID | String | ID of the group. |
| CiscoFP.VlanTagsGroup.Description | String | Description of the object. |
| CiscoFP.VlanTagsGroup.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTagsGroup.Objects.Name | String | Name of the object. |
| CiscoFP.VlanTagsGroup.Objects.ID | String | ID of the object. |
| CiscoFP.VlanTagsGroup.Objects.Description | String | Description of the vlan tag. |
| CiscoFP.VlanTagsGroup.Objects.Overridable | Boolean | Boolean indicating whether object values can be overridden. |
| CiscoFP.VlanTagsGroup.Objects.StartTag | Number | Start tag number. |
| CiscoFP.VlanTagsGroup.Objects.EndTag | Number | End tag number. |
Command Example#
!ciscofp-list-vlan-tags-group
Context Example#
Human Readable Output#
Cisco Firepower - List of vlan tags groups objects:#
| ID | Name | Overridable | Description | Objects |
|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-124554057022 | forPlaybookTest | false | 0 |
24. ciscofp-list-applications#
Retrieves a list of all application objects.
Base Command#
ciscofp-list-applications
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0 | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Applications.Name | String | Name of the application. |
| CiscoFP.Applications.ID | String | ID of the application. |
| CiscoFP.Applications.Risk | String | Risk of the application. |
| CiscoFP.Applications.AppProductivity | String | AppProductivity of the application. |
| CiscoFP.Applications.ApplicationTypes | String | The application type. |
| CiscoFP.Applications.AppCategories.ID | String | AppCategory ID. |
| CiscoFP.Applications.AppCategories.Name | String | AppCategory name. |
| CiscoFP.Applications.AppCategories.Count | String | AppCategory count. |
Command Example#
!ciscofp-list-applications
Context Example#
Human Readable Output#
Cisco Firepower - List of applications objects:#
| ID | Name | Risk | AppProductivity | ApplicationTypes | AppCategories |
|---|---|---|---|---|---|
| 2325 | 050plus | Medium | Medium | 2 | 2 |
| 1553 | 1&1 Internet | Very Low | Low | 1 | 2 |
| 535 | 1-800-Flowers | Low | Very Low | 1 | 1 |
| 3715 | 1000mercis | Low | Very Low | 1 | 1 |
| 536 | 100Bao | Very High | Very Low | 2 | 1 |
| 1205 | 12306.cn | Very Low | High | 1 | 2 |
| 4164 | 123Movies | Medium | Very Low | 2 | 1 |
| 1206 | 126.com | Very Low | High | 1 | 1 |
| 2385 | 17173.com | Medium | Very Low | 2 | 1 |
| 4165 | 1fichier | Low | Medium | 2 | 3 |
| 2346 | 2345.com | Very Low | Medium | 1 | 1 |
| 2493 | 24/7 Media | Very Low | Very Low | 1 | 3 |
| 2492 | 247 Inc. | Very Low | Very Low | 1 | 3 |
| 537 | 2channel | Low | Very Low | 2 | 1 |
| 1781 | 2Leep | Medium | Low | 1 | 1 |
| 2419 | 33Across | Very Low | Medium | 2 | 4 |
| 3866 | 360 Safeguard | Low | High | 1 | 1 |
| 1207 | 39.net | Very Low | High | 1 | 2 |
| 3000 | 3Com AMP3 | Medium | Medium | 1 | 1 |
| 2 | 3COM-TSMUX | Very Low | High | 1 | 1 |
| 1256 | 4399.com | Medium | Very Low | 1 | 1 |
| 1079 | 4chan | Medium | Very Low | 2 | 1 |
| 948 | 4shared | Low | High | 2 | 1 |
| 1654 | 500px | Very Low | Low | 2 | 2 |
| 1032 | 51.com | Low | Low | 1 | 1 |
| 1031 | 56.com | Low | Very Low | 1 | 1 |
| 1649 | 58 City | Very Low | Low | 1 | 2 |
| 2218 | 5by5 Radio | Medium | Low | 2 | 2 |
| 538 | 6.pm | Low | Very Low | 1 | 1 |
| 959 | 7digital | Very Low | Low | 1 | 1 |
| 4 | 914CG | Very Low | Medium | 1 | 1 |
| 4167 | 9Gag | Medium | Very Low | 2 | 2 |
| 1087 | 9P | Very Low | High | 2 | 1 |
| 920 | 9p.com | Medium | Very Low | 1 | 3 |
| 1389 | ABC | Medium | Very Low | 2 | 3 |
| 2205 | Abonti | Low | Very Low | 1 | 1 |
| 1167 | About.com | Very Low | Medium | 1 | 1 |
| 4168 | ABS-CBN | Very Low | High | 2 | 3 |
| 5 | ACA Services | Very Low | Very High | 1 | 1 |
| 3024 | ACAP | Medium | Medium | 1 | 1 |
| 3001 | Access Network | Medium | Medium | 1 | 1 |
| 3002 | AccessBuilder | Medium | Medium | 1 | 1 |
| 1533 | AccuWeather | Very Low | Low | 1 | 3 |
| 539 | Ace Hardware Corporation | Low | Very Low | 1 | 1 |
| 2146 | Acer | Very Low | High | 1 | 1 |
| 4169 | AcFun | High | Very Low | 2 | 2 |
| 6 | ACI | Very Low | Medium | 1 | 1 |
| 2219 | Acoon.de | Low | Low | 2 | 2 |
| 7 | ACR-NEMA | Low | High | 1 | 1 |
| 1322 | Acrobat.com | Low | High | 1 | 1 |
25. ciscofp-get-access-rules#
Retrieves the access control rule associated with the specified policy ID and rule ID. If no rule ID is specified, retrieves a list of all access rules associated with the specified policy ID.
Base Command#
ciscofp-get-access-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | Policy ID. | Required |
| rule_id | Rule ID. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | Rule action. |
| CiscoFP.Rule.Applications.ID | String | Application object ID. |
| CiscoFP.Rule.Applications.Name | String | Application object name. |
| CiscoFP.Rule.Category | String | Category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | Address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | Object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | Object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | Object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | Port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | Port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | Port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | Port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | Port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | Port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | Zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | Zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | Zone type. |
| CiscoFP.Rule.Enabled | Number | Whether the rule is enabled. |
| CiscoFP.Rule.ID | String | Rule ID. |
| CiscoFP.Rule.Name | String | Rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | IP address or CIDR range. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | Port number. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | Port protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | Object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | Object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | Object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | Object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | Object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | Object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | Object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | Object type. |
Command Example#
!ciscofp-get-access-rules policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example#
Human Readable Output#
Cisco Firepower - List of access rules:#
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268440577 | IP Any Any Any | ALLOW | true | true | 1 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268441600 | test | ALLOW | true | false | 2 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268442624 | arseny_rule | BLOCK | true | false | 3 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268443649 | mytest | ALLOW | true | false | 4 | Default | --Undefined-- | 3 | 2 | 2 | 4 | 2 | 3 | 2 | 3 | 3 | 2 |
| 000C29A8-BA3B-0ed3-0000-000268443653 | newUpdateTest | BLOCK | false | false | 5 | Default | --Undefined-- | 2 | 0 | 0 | 0 | 0 | 2 | 2 | 0 | 0 | 0 |
| 000C29A8-BA3B-0ed3-0000-000268444677 | playbookTest5 | ALLOW | true | false | 6 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
26. ciscofp-create-access-rules#
Creates an access control rule.
Base Command#
ciscofp-create-access-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| action | The rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Required |
| rule_name | The rule name. | Required |
| enabled | Boolean indicating whether to enable the access control rule. | Optional |
| source_zone_object_ids | A list of source zone object IDs. To get IDs use the ciscofp-list-zones command. | Optional |
| policy_id | The policy ID in which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command. | Optional |
| source_network_object_ids | A list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command. | Optional |
| source_network_addresses | A list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_object_ids | A list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_addresses | A list of destination addresses. | Optional |
| source_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands. | Optional |
| destination_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-list-ports command. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command. | Optional |
| application_object_ids | A list of application object IDs. To get IDs, use the ciscofp-list-applications command. | Optional |
| url_object_ids | A list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command. | Optional |
| url_addresses | A list of URL addresses. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether to enable the rule. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example#
!ciscofp-create-access-rules action=ALLOW rule_name=playbookTest5 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Human Readable Output### 26. ciscofp-create-access-rules#
Creates an access control rule.
Base Command#
ciscofp-create-access-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| action | The rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Required |
| rule_name | The rule name. | Required |
| enabled | Boolean indicating whether to enable the access control rule. | Optional |
| source_zone_object_ids | A list of source zone object IDs. To get IDs use the ciscofp-list-zones command. | Optional |
| policy_id | The policy ID in which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command. | Optional |
| source_network_object_ids | A list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command. | Optional |
| source_network_addresses | A list of source IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_object_ids | A list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
| destination_network_addresses | A list of destination addresses. | Optional |
| source_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands. | Optional |
| destination_port_object_ids | A list of port object IDs. To get IDs, use the ciscofp-list-ports command. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. To get IDs, use the ciscofp-list-security-group-tags command. | Optional |
| application_object_ids | A list of application object IDs. To get IDs, use the ciscofp-list-applications command. | Optional |
| url_object_ids | A list of URL object IDs. To get IDs, use the ciscofp-list-url-categories command. | Optional |
| url_addresses | A list of URL addresses. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether to enable the rule. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example#
!ciscofp-create-access-rules action=ALLOW rule_name=newTest222322 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example#
Human Readable Output#
Cisco Firepower - the new access rule:#
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444679 | newTest222322 | ALLOW | true | false | 1 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
27. ciscofp-update-access-rules#
Updates the specified access control rule.
Base Command#
ciscofp-update-access-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| update_strategy | The method by which to update the rule. Can be "merge" or "override". If merge, will add the changes requested to the existing rule. If override, will override the fields with the inputs provided and will delete any fields that were not provided. | Required |
| action | The rule action that determines how the system handles matching traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". | Optional |
| rule_name | The rule name. | Optional |
| enabled | Boolean indicating whether to enable the rule. The default is "true". | Optional |
| source_zone_object_ids | A list of source zones object IDs. | Optional |
| policy_id | The policy ID for which to create the new rule. | Required |
| destination_zone_object_ids | A list of destination zones object IDs. | Optional |
| vlan_tag_object_ids | A list of vlan tag object IDs. | Optional |
| source_network_object_ids | A list of source network object IDs. | Optional |
| source_network_addresses | A list of addresses. | Optional |
| destination_network_object_ids | A list of destination network object IDs. | Optional |
| destination_network_addresses | A list of addresses. | Optional |
| source_port_object_ids | A list of port object IDs. | Optional |
| destination_port_object_ids | A list of port object IDs. | Optional |
| source_security_group_tag_object_ids | A list of security group tag object IDs. | Optional |
| application_object_ids | A list of application object IDs. | Optional |
| url_object_ids | A list of URL object IDs. | Optional |
| url_addresses | A list of URL addresses. | Optional |
| rule_id | The ID of the rule to update. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of the rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The destination zone object IDs. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The destination zone object names. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The destination zone object types. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether the rule is enabled. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example#
!ciscofp-update-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143987627 rule_id=000C29A8-BA3B-0ed3-0000-000268444675 update_strategy=merge enabled=false
Context Example#
Human Readable Output#
Cisco Firepower - access rule:#
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444675 | BPS-access-policy | ALLOW | false | true | 1 | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
28. ciscofp-delete-access-rules#
Deletes the specified access control rule.
Base Command#
ciscofp-delete-access-rules
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Required |
| rule_id | The ID of the rule to delete. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
| CiscoFP.Rule.Applications.ID | String | The application object ID. |
| CiscoFP.Rule.Applications.Name | String | The application object name. |
| CiscoFP.Rule.Category | String | The category of the rule. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
| CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
| CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
| CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
| CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
| CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone IDs. |
| CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone names. |
| CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone types. |
| CiscoFP.Rule.Enabled | Number | Boolean indicating whether the rule is enabled. |
| CiscoFP.Rule.ID | String | The rule ID. |
| CiscoFP.Rule.Name | String | The rule name. |
| CiscoFP.Rule.RuleIndex | Number | The index of the rule. |
| CiscoFP.Rule.Section | String | The section of the rule. |
| CiscoFP.Rule.SendEventsToFMC | Number | Boolean indicating whether the device will send events to Cisco Firepower. |
| CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
| CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
| CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
| CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
| CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
| CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
| CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
| CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
| CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
| CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
| CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
| CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
| CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The vlan tag number end tag. |
| CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The vlan tag number start tag. |
| CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
| CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
| CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
Command Example#
!ciscofp-delete-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143991123 rule_id=000C29A8-BA3B-0ed3-0000-000268444684
Context Example#
Human Readable Output#
Cisco Firepower - deleted access rule:#
| ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-000268444684 | hgf | ALLOW | false | false | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
29. ciscofp-list-policy-assignments#
Retrieves a list of all policy assignments to target devices.
Base Command#
ciscofp-list-policy-assignments
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50 | Optional |
| offset | Index of first item to return. The default is 0 | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example#
!ciscofp-list-policy-assignments
Context Example#
Human Readable Output#
Cisco Firepower - List of policy assignments:#
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | BPS tst | 000C29A8-BA3B-0ed3-0000-133143987627 | 1 |
30. ciscofp-create-policy-assignments#
Creates policy assignments to target devices.
Base Command#
ciscofp-create-policy-assignments
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Required |
| device_ids | A list of device IDs. | Optional |
| device_group_ids | A list of device group IDs. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example#
!ciscofp-create-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example#
Human Readable Output#
Cisco Firepower - Policy assignments has been done.#
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
31. ciscofp-update-policy-assignments#
Updates the specified policy assignments to target devices.
Base Command#
ciscofp-update-policy-assignments
Input#
| Argument Name | Description | Required |
|---|---|---|
| policy_id | The policy ID. | Optional |
| device_ids | A list of device IDs. | Optional |
| device_group_ids | A list of device group IDs. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.PolicyAssignments.ID | String | The policy assignments ID. |
| CiscoFP.PolicyAssignments.Name | String | The policy assignments name. |
| CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
| CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
| CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
| CiscoFP.PolicyAssignments.Targets.ID | String | The targets ID. |
| CiscoFP.PolicyAssignments.Targets.Name | String | The targets name. |
| CiscoFP.PolicyAssignments.Targets.Type | String | The targets type. |
Command Example#
!ciscofp-update-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
Context Example#
Human Readable Output#
Cisco Firepower - Policy assignments has been done.#
| ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
|---|---|---|---|---|---|
| 000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
32. ciscofp-get-deployable-devices#
Retrieves a list of all devices with configuration changes that are ready to deploy.
Base Command#
ciscofp-get-deployable-devices
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
| container_uuid | The container UUID. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.DeployableDevices.CanBeDeployed | String | Can be deployed. |
| CiscoFP.DeployableDevices.UpToDate | String | Up to date. |
| CiscoFP.DeployableDevices.DeviceID | String | Device ID. |
| CiscoFP.DeployableDevices.DeviceName | String | Device name. |
| CiscoFP.DeployableDevices.DeviceType | String | Device type. |
| CiscoFP.DeployableDevices.Version | String | Device version. |
| CiscoFP.PendingDeployment.ID | String | Device ID. |
| CiscoFP.PendingDeployment.Name | String | Device name. |
| CiscoFP.PendingDeployment.Type | String | Device type. |
| CiscoFP.PendingDeployment.Status | String | Device status. |
| CiscoFP.PendingDeployment.StartTime | String | Start time of the deployment. |
| CiscoFP.PendingDeployment.EndTime | String | End time of the deployment. |
Command Example#
!ciscofp-get-deployable-devices container_uuid=a24eca98-7a3a-11eb-999c-cdd9570e11cf
Human Readable Output#
Cisco Firepower - List of devices status pending deployment:#
| EndTime | ID | Name | StartTime | Status | Type |
|---|---|---|---|---|---|
| 1618225761 | 00224867-78A7-0ed3-0000-128849018939 | api_user_job_2021-04-12 11:08:43.523 | 1618225723 | PARTIALLY_SUCCEEDED | Deployment |
33. ciscofp-get-device-records#
Retrieves list of all device records.
Base Command#
ciscofp-get-device-records
Input#
| Argument Name | Description | Required |
|---|---|---|
| limit | The maximum number of items to return. The default is 50. | Optional |
| offset | Index of first item to return. The default is 0. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.DeviceRecords.DeviceGroupID | String | The device group ID. |
| CiscoFP.DeviceRecords.HostName | String | The device host. |
| CiscoFP.DeviceRecords.ID | String | The device ID. |
| CiscoFP.DeviceRecords.Name | String | The device name. |
| CiscoFP.DeviceRecords.Type | String | The device type. |
Command Example#
!ciscofp-get-device-records
Context Example#
Human Readable Output#
Cisco Firepower - List of device records:#
| ID | Name | HostName | Type | DeviceGroupID |
|---|---|---|---|---|
| 43e032dc-07c5-11ea-b83d-d5fdc079bf65 | FTD_10.8.49.209 | 10.8.49.209 | Device | 31b082e4-32c5-11ea-9d47-eda81976c864 |
34. ciscofp-deploy-to-devices#
Creates a request for deploying configuration changes to devices.
Base Command#
ciscofp-deploy-to-devices
Input#
| Argument Name | Description | Required |
|---|---|---|
| force_deploy | Boolean indicating whether to force deployment. Can be "true" or "false". | Required |
| ignore_warning | Boolean indicating whether to ignore warning. Can be "true" or "false". | Required |
| device_ids | A list of device IDs. | Required |
| version | The version to deploy. To get versions, use the ciscofp-get-deployable-devices command. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.Deploy.TaskID | String | The task ID. |
| CiscoFP.Deploy.ForceDeploy | String | Whether to force deploy. |
| CiscoFP.Deploy.IgnoreWarning | String | Whether to ignore warning. |
| CiscoFP.Deploy.Version | String | The version of the policy. |
| CiscoFP.Deploy.DeviceList | String | The list of devices. |
Command Example#
!ciscofp-deploy-to-devices device_ids=43e032dc-07c5-11ea-b83d-d5fdc079bf65 force_deploy=false ignore_warning=false version=1585679109082
Context Example#
Human Readable Output#
Cisco Firepower - devices requests to deploy.#
| TaskID | ForceDeploy | IgnoreWarning | Version | DeviceList |
|---|---|---|---|---|
| 133143991633 | false | false | 1585679109082 | 1 |
35. ciscofp-get-task-status#
Retrieves information about a previously submitted pending job or task with the specified ID. Used for deploying.
Base Command#
ciscofp-get-task-status
Input#
| Argument Name | Description | Required |
|---|---|---|
| task_id | The ID of the task for which to check the status. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.TaskStatus.Status | String | task status |
Command Example#
!ciscofp-get-task-status task_id=133143991633
Context Example#
Human Readable Output#
Cisco Firepower - 133143991633 status:#
| Status |
|---|
| Deployed |
36. ciscofp-get-url-groups-object#
Retrieves the groups of url objects and addresses associated with the specified ID. If not supplied, retrieves a list of all url objects.
Base Command#
ciscofp-get-url-groups-object
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | ID of the group. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.URLGroups.ID | string | The group ID. |
| CiscoFP.URLGroups.Name | string | The group Name. |
| CiscoFP.URLGroups.Overridable | string | Boolean indicating whether objects can be overridden. |
| CiscoFP.URLGroups.Description | string | The group description. |
| CiscoFP.URLGroups.Addresses.Value | string | The group addresses. |
| CiscoFP.URLGroups.Objects.Name | string | The group object name. |
| CiscoFP.URLGroups.Objects.ID | string | The object ID. |
| CiscoFP.URLGroups.Objects.Type | string | The object type. |
Command Example#
!ciscofp-get-url-groups-object id=00224867-78A7-0ed3-0000-004294969111
Human Readable Output#
Cisco Firepower - url group object:#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 00224867-78A7-0ed3-0000-004294969111 | xxx_Proactive_Response_URL | true | 2000 | 0 |
37. ciscofp-update-url-groups-objects#
Updates the ID of a group of url objects.
Base Command#
ciscofp-update-url-groups-objects
Input#
| Argument Name | Description | Required |
|---|---|---|
| id | The ID of the group to update. | Required |
| url_objects_id_list | A comma-separated list of object IDs to add the url. | Optional |
| url_list | A comma-separated list of url to add the group. | Optional |
| description | The new description for the object. | Optional |
| overridable | Boolean indicating whether object values can be overridden. Default is false. | Optional |
| name | The group name. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| CiscoFP.URLGroups.Addresses.Type | string | The addresses type in the group object. |
| CiscoFP.URLGroups.Addresses.Url | string | The addresses url in the group object. |
| CiscoFP.URLGroups.Description | string | The group description. |
| CiscoFP.URLGroups.ID | string | The group ID. |
| CiscoFP.URLGroups.Name | string | The group name. |
| CiscoFP.URLGroups.Objects | unknown | The group object information. |
| CiscoFP.URLGroups.Overridable | string | Boolean indicating whether objects can be overridden. |
Command Example#
!ciscofp-update-url-groups-objects id=00224867-78A7-0ed3-0000-004294969111 name=XXX_Proactive_Response_URL url_list=1.1.1.1
Human Readable Output#
Cisco Firepower - url group has been updated.#
| ID | Name | Overridable | Description | Addresses | Objects |
|---|---|---|---|---|---|
| 00224867-78A7-0ed3-0000-004294969111 | XXX_Proactive_Response_URL | false | 1 | 0 |