Cisco Firepower
Cisco Firepower Pack.#
This Integration is part of the#
OverviewUse the Cisco Firepower integration for unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. This integration was integrated and tested with version 7.0.4 of Cisco Firepower Supports FMC 7.2.0 and above
Authentication from a REST API Client Cisco recommends that you use different accounts for interfacing with the API and the Firepower User Interface. Credentials cannot be used for both interfaces simultaneously, and will be logged out without warning if used for both.
#
Configure Cisco Firepower in CortexParameter | Required |
---|---|
Server URL (e.g., https://192.168.0.1) | True |
Username | True |
Password | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- ciscofp-list-zones
- ciscofp-list-ports
- ciscofp-list-url-categories
- ciscofp-get-network-object
- ciscofp-create-network-object
- ciscofp-update-network-object
- ciscofp-get-network-groups-object
- ciscofp-create-network-groups-objects
- ciscofp-update-network-groups-objects
- ciscofp-delete-network-groups-objects
- ciscofp-get-host-object
- ciscofp-create-host-object
- ciscofp-update-host-object
- ciscofp-delete-network-object
- ciscofp-delete-host-object
- ciscofp-get-access-policy
- ciscofp-create-access-policy
- ciscofp-update-access-policy
- ciscofp-delete-access-policy
- ciscofp-list-security-group-tags
- ciscofp-list-ise-security-group-tag
- ciscofp-list-vlan-tags
- ciscofp-list-vlan-tags-group
- ciscofp-list-applications
- ciscofp-get-access-rules
- ciscofp-create-access-rules
- ciscofp-update-access-rules
- ciscofp-delete-access-rules
- ciscofp-list-policy-assignments
- ciscofp-create-policy-assignments
- ciscofp-update-policy-assignments
- ciscofp-get-deployable-devices
- ciscofp-get-device-records
- ciscofp-deploy-to-devices
- ciscofp-get-task-status
- ciscofp-get-url-groups-object
- ciscofp-update-url-groups-objects
- ciscofp-create-intrusion-policy
- ciscofp-list-intrusion-policy
- ciscofp-update-intrusion-policy
- ciscofp-delete-intrusion-policy
- ciscofp-create-intrusion-rule
- ciscofp-list-intrusion-rule
- ciscofp-update-intrusion-rule
- ciscofp-delete-intrusion-rule
- ciscofp-upload-intrusion-rule-file
- ciscofp-create-intrusion-rule-group
- ciscofp-list-intrusion-rule-group
- ciscofp-update-intrusion-rule-group
- ciscofp-delete-intrusion-rule-group
- ciscofp-create-network-analysis-policy
- ciscofp-list-network-analysis-policy
- ciscofp-update-network-analysis-policy
- ciscofp-delete-network-analysis-policy
#
1. ciscofp-list-zonesRetrieves a list of all security zone objects.
#
Base Commandciscofp-list-zones
#
InputArgument Name | Description | Required |
---|---|---|
limit | The number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Zone.ID | String | The zone ID. |
CiscoFP.Zone.Name | String | The zone name. |
CiscoFP.Zone.InterfaceMode | String | The zone interface mode. |
CiscoFP.Zone.Interfaces.Name | String | The name of interfaces belonging to the security zone. |
CiscoFP.Zone.Interfaces.ID | String | The ID of interfaces belonging to the security zone. |
#
Command Example!ciscofp-list-zones
#
Context Example#
Human Readable Output#
Cisco Firepower - List zones:ID | Name | InterfaceMode | Interfaces |
---|---|---|---|
e5156ab2-c736-11e8-bacb-8d7a1cfa386e | Trust | ROUTED | 1 |
001e2d12-c737-11e8-bacb-8d7a1cfa386e | Untrust | ROUTED | 1 |
5884acce-ffdf-11e9-8a1b-81dfc51749cb | L3-Trust | ROUTED | 1 |
6038978c-ffdf-11e9-8a1b-81dfc51749cb | L3-Untrust | ROUTED | 1 |
62c3f83a-305d-11ea-9d47-eda81976c864 | arseny_zone | INLINE | 0 |
#
2. ciscofp-list-portsRetrieves a list of all port objects.
#
Base Commandciscofp-list-ports
#
InputArgument Name | Description | Required |
---|---|---|
limit | The number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Port.ID | String | The port ID. |
CiscoFP.Port.Name | String | The port name. |
CiscoFP.Port.Protocol | String | The port protocol. |
CiscoFP.Port.Port | String | The port number. |
#
Command Example!ciscofp-list-ports
#
Context Example#
Human Readable Output#
Cisco Firepower - List ports:ID | Name | Protocol | Port |
---|---|---|---|
1834d812-38bb-11e2-86aa-62f0c593a59a | AOL | TCP | 5190 |
1834e5f0-38bb-11e2-86aa-62f0c593a59a | Bittorrent | TCP | 6881-6889 |
1834e712-38bb-11e2-86aa-62f0c593a59a | DNS_over_TCP | TCP | 53 |
1834e8ca-38bb-11e2-86aa-62f0c593a59a | DNS_over_UDP | UDP | 53 |
1834c674-38bb-11e2-86aa-62f0c593a59a | FTP | TCP | 21 |
18312adc-38bb-11e2-86aa-62f0c593a59a | HTTP | TCP | 80 |
1834bd00-38bb-11e2-86aa-62f0c593a59a | HTTPS | TCP | 443 |
1834c37c-38bb-11e2-86aa-62f0c593a59a | IMAP | TCP | 143 |
1834d01a-38bb-11e2-86aa-62f0c593a59a | LDAP | TCP | 389 |
1834c9c6-38bb-11e2-86aa-62f0c593a59a | NFSD-TCP | TCP | 2049 |
1834caac-38bb-11e2-86aa-62f0c593a59a | NFSD-UDP | UDP | 2049 |
1834cb92-38bb-11e2-86aa-62f0c593a59a | NTP-TCP | TCP | 123 |
1834cc96-38bb-11e2-86aa-62f0c593a59a | NTP-UDP | UDP | 123 |
1834c462-38bb-11e2-86aa-62f0c593a59a | POP-2 | TCP | 109 |
1834c548-38bb-11e2-86aa-62f0c593a59a | POP-3 | TCP | 110 |
000C29A8-BA3B-0ed3-0000-034359739875 | quic | UDP | 443 |
000C29A8-BA3B-0ed3-0000-034359739893 | quic80 | UDP | 80 |
1834ce94-38bb-11e2-86aa-62f0c593a59a | RADIUS | UDP | 1645 |
1834d114-38bb-11e2-86aa-62f0c593a59a | RIP | UDP | 520 |
1834d204-38bb-11e2-86aa-62f0c593a59a | SIP | UDP | 5060 |
1834bf44-38bb-11e2-86aa-62f0c593a59a | SMTP | TCP | 25 |
1834c07a-38bb-11e2-86aa-62f0c593a59a | SMTPS | TCP | 465 |
1834c264-38bb-11e2-86aa-62f0c593a59a | SNMP | UDP | 161 |
1834c890-38bb-11e2-86aa-62f0c593a59a | SSH | TCP | 22 |
1834d6e6-38bb-11e2-86aa-62f0c593a59a | SYSLOG | UDP | 514 |
1834e50a-38bb-11e2-86aa-62f0c593a59a | TCP_high_ports | TCP | 1021-65535 |
28e058e4-43b0-11e2-9bcd-7c2f9ed9bbee | TELNET | TCP | 23 |
1834d5e2-38bb-11e2-86aa-62f0c593a59a | TFTP | UDP | 69 |
1834da1a-38bb-11e2-86aa-62f0c593a59a | Yahoo_Messenger_Messages | TCP | 5050 |
1834db96-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_TCP | TCP | 5000-5001 |
1834dc86-38bb-11e2-86aa-62f0c593a59a | YahooMessenger_Voice_Chat_UDP | UDP | 5000-5010 |
#
3. ciscofp-list-url-categoriesRetrieves a list of all URL category objects.
#
Base Commandciscofp-list-url-categories
#
InputArgument Name | Description | Required |
---|---|---|
limit | The number of items to return. The default is 50. Default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Category.ID | String | The category ID. |
CiscoFP.Category.Name | String | The category name. |
#
Command Example!ciscofp-list-url-categories
#
Context Example#
Human Readable Output#
Cisco Firepower - List url categories:ID | Name |
---|---|
abba9b63-bb10-4729-b901-2e2aa0f02054 | Pornography |
abba9b63-bb10-4729-b901-2e2aa0f02042 | Spiritual Healing |
abba9b63-bb10-4729-b901-2e2aa0f02033 | Tasteless or Obscene |
abba9b63-bb10-4729-b901-2e2aa0f02005 | Shopping |
abba9b63-bb10-4729-b901-2e2aa0f02016 | Hate Speech |
abba9b63-bb10-4729-b901-2e2aa0f02082 | Digital Postcards |
abba9b63-bb10-4729-b901-2e2aa0f02028 | Online Trading |
abba9b63-bb10-4729-b901-2e2aa0f02034 | Lotteries |
abba9b63-bb10-4729-b901-2e2aa0f02071 | File Transfer Services |
abba9b63-bb10-4729-b901-2e2aa0f02043 | Tattoos |
abba9b63-bb10-4729-b901-2e2aa0f02029 | Paranormal and Occult |
abba9b63-bb10-4729-b901-2e2aa0f02064 | Child Abuse Content |
abba9b63-bb10-4729-b901-2e2aa0f02007 | Games |
abba9b63-bb10-4729-b901-2e2aa0f02037 | Web Hosting |
abba9b63-bb10-4729-b901-2e2aa0f02013 | Nature |
abba9b63-bb10-4729-b901-2e2aa0f02066 | Online Storage and Backup |
abba9b63-bb10-4729-b901-2e2aa0f02070 | Mobile Phones |
abba9b63-bb10-4729-b901-2e2aa0f02012 | Science and Technology |
abba9b63-bb10-4729-b901-2e2aa0f02022 | Illegal Activities |
abba9b63-bb10-4729-b901-2e2aa0f02080 | SaaS and B2B |
abba9b63-bb10-4729-b901-2e2aa0f02092 | Parked Domains |
abba9b63-bb10-4729-b901-2e2aa0f02008 | Sports and Recreation |
abba9b63-bb10-4729-b901-2e2aa0f02001 | Education |
abba9b63-bb10-4729-b901-2e2aa0f02024 | Online Communities |
abba9b63-bb10-4729-b901-2e2aa0f02096 | Test Category 3 |
abba9b63-bb10-4729-b901-2e2aa0f02031 | Lingerie and Swimsuits |
abba9b63-bb10-4729-b901-2e2aa0f02051 | Cheating and Plagiarism |
abba9b63-bb10-4729-b901-2e2aa0f02050 | Hacking |
abba9b63-bb10-4729-b901-2e2aa0f02017 | Reference |
abba9b63-bb10-4729-b901-2e2aa0f02076 | Fashion |
abba9b63-bb10-4729-b901-2e2aa0f02025 | Filter Avoidance |
abba9b63-bb10-4729-b901-2e2aa0f02083 | Politics |
abba9b63-bb10-4729-b901-2e2aa0f02067 | Internet Telephony |
abba9b63-bb10-4729-b901-2e2aa0f02097 | DIY Projects |
abba9b63-bb10-4729-b901-2e2aa0f02093 | Entertainment |
abba9b63-bb10-4729-b901-2e2aa0f02077 | Alcohol |
abba9b63-bb10-4729-b901-2e2aa0f02039 | Instant Messaging |
abba9b63-bb10-4729-b901-2e2aa0f02036 | Weapons |
abba9b63-bb10-4729-b901-2e2aa0f02075 | Extreme |
abba9b63-bb10-4729-b901-2e2aa0f02009 | Health and Nutrition |
abba9b63-bb10-4729-b901-2e2aa0f02015 | Finance |
abba9b63-bb10-4729-b901-2e2aa0f02074 | Astrology |
abba9b63-bb10-4729-b901-2e2aa0f02081 | Personal Sites |
abba9b63-bb10-4729-b901-2e2aa0f02073 | Streaming Audio |
abba9b63-bb10-4729-b901-2e2aa0f02084 | Illegal Downloads |
abba9b63-bb10-4729-b901-2e2aa0f02006 | Adult |
abba9b63-bb10-4729-b901-2e2aa0f02061 | Dining and Drinking |
abba9b63-bb10-4729-b901-2e2aa0f02026 | Streaming Media |
abba9b63-bb10-4729-b901-2e2aa0f02085 | Organizational Email |
abba9b63-bb10-4729-b901-2e2aa0f02020 | Search Engines and Portals |
#
4. ciscofp-get-network-objectRetrieves the network objects associated with the specified ID. If no ID is supplied, retrieves a list of all network objects.
#
Base Commandciscofp-get-network-object
#
InputArgument Name | Description | Required |
---|---|---|
object_id | The object ID. | Optional |
limit | The number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Network.ID | String | The network ID. |
CiscoFP.Network.Name | String | The network name. |
CiscoFP.Network.Value | String | CIDR |
CiscoFP.Network.Overrideable | String | Whether the object can be overridden. |
CiscoFP.Network.Description | String | The network description. |
#
Command Example!ciscofp-get-network-object
#
Context Example#
Human Readable Output#
Cisco Firepower - List network objects:ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554053261 | 0 | 1.0.0.0/24 | false | |
000C29A8-BA3B-0ed3-0000-124554053289 | 1 | 1.0.0.0/24 | false | |
000C29A8-BA3B-0ed3-0000-124554053308 | 2 | 1.0.0.0/24 | false | |
cb7116e8-66a6-480b-8f9b-295191a0940a | any-ipv4 | 0.0.0.0/0 | false | |
000C29A8-BA3B-0ed3-0000-124554061004 | demo1 | 10.0.0.0/10 | false | |
000C29A8-BA3B-0ed3-0000-030064772538 | Internal-LAN-Network | 192.168.1.0/24 | false | |
86caab8a-9bdd-420d-858b-5690fde8ce58 | IPv4-Benchmark-Tests | 198.18.0.0/15 | false | |
f0ce41ae-6ee9-4e00-8762-da9370c4fee5 | IPv4-Link-Local | 169.254.0.0/16 | false | |
5622db1c-5cd5-4199-a4c8-d8f86dec3bd4 | IPv4-Multicast | 224.0.0.0/4 | false | |
95916354-5aa1-4057-8eea-b42a5a207abc | IPv4-Private-10.0.0.0-8 | 10.0.0.0/8 | false | |
b7a78a7d-20c5-47b2-b02f-86b4360112ac | IPv4-Private-172.16.0.0-12 | 172.16.0.0/12 | false | |
1dcefdd8-07f7-438a-9221-97d63710614e | IPv4-Private-192.168.0.0-16 | 192.168.0.0/16 | false | |
1047b91f-db3a-45b8-9c10-f48ed3f0c3d6 | IPv6-IPv4-Mapped | ::ffff:0.0.0.0/96 | false | |
192c14f2-39d9-409d-81e9-357793bdf1ec | IPv6-Link-Local | fe80::/10 | false | |
0434674f-87f8-4e17-810e-97100407858b | IPv6-Private-Unique-Local-Addresses | fc00::/7 | false | |
04ea3f1f-f5a9-4eca-b051-487ebeb4c97f | IPv6-to-IPv4-Relay-Anycast | 192.88.99.0/24 | false | |
000C29A8-BA3B-0ed3-0000-124554053215 | n5n | 1.0.0.0/24 | false | |
000C29A8-BA3B-0ed3-0000-124554053196 | nn | 1.0.0.0/24 | false | |
000C29A8-BA3B-0ed3-0000-124554053177 | nnkn | 1.0.0.0/24 | false | jjj |
000C29A8-BA3B-0ed3-0000-124554053149 | nnn | 1.0.0.0/24 | false | |
000C29A8-BA3B-0ed3-0000-133143990065 | playbookTest | 10.0.0.0/22 | false | my |
000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
000C29A8-BA3B-0ed3-0000-124554056653 | rrr | 10.0.0.0/22 | false |
#
5. ciscofp-create-network-objectCreates a network object.
#
Base Commandciscofp-create-network-object
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the new object. | Required |
value | CIDR. | Required |
description | The object description. | Optional |
overridable | Whether the objects can be overridden. Can be TRUE or FALSE. The default is FALSE. Possible values are: false, true. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Network.ID | String | The network ID. |
CiscoFP.Network.Name | String | The network name. |
CiscoFP.Network.Value | String | CIDR. |
CiscoFP.Network.Overridable | String | Whether the object can be overridden. |
CiscoFP.Network.Description | String | The network object description. |
#
Command Example!ciscofp-create-network-object name=newTest232 value=10.0.0.0/22 description=test overridable=false
#
Context Example#
Human Readable Output#
Cisco Firepower - network object has been created.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-133143990579 | newTest232 | 10.0.0.0/22 | false | test |
#
6. ciscofp-update-network-objectUpdates the specified network object.
#
Base Commandciscofp-update-network-object
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the object to update. | Required |
name | The object name. | Required |
value | CIDR. | Required |
description | The object description. | Optional |
overridable | Whether the object can be overridden. Possible values are: false, true. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Network.ID | String | The network ID. |
CiscoFP.Network.Name | String | The network name. |
CiscoFP.Network.Value | String | CIDR. |
CiscoFP.Network.Overridable | String | Whether the object can be overridden. |
CiscoFP.Network.Description | String | The network object description. |
#
Command Example!ciscofp-update-network-object id=000C29A8-BA3B-0ed3-0000-124554053327 name=playbookTestUpdate value=10.0.0.0/23 description=my playbook test overridable=true
#
Context Example#
Human Readable Output#
Cisco Firepower - network object has been updated.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
#
7. ciscofp-get-network-groups-objectRetrieves the groups of network objects and addresses associated with the specified ID. If no ID is supplied, retrieves a list of all network objects.
#
Base Commandciscofp-get-network-groups-object
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the object group for which to return groups and addresses. | Optional |
limit | The number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkGroups.ID | String | The network group ID. |
CiscoFP.NetworkGroups.Name | String | The network group name. |
CiscoFP.NetworkGroups.Overridable | String | Whether the network group can be overridden. |
CiscoFP.NetworkGroups.Description | String | The network group description. |
CiscoFP.NetworkGroups.Addresses.Value | String | The network group IP address/CIDR range. |
CiscoFP.NetworkGroups.Addresses.Type | String | The network group address type. |
CiscoFP.NetworkGroups.Objects.Name | String | The network group object name. |
CiscoFP.NetworkGroups.Objects.ID | String | The network group object ID. |
CiscoFP.NetworkGroups.Objects.Type | String | The network group object type. |
#
Command Example!ciscofp-get-network-groups-object
#
Context Example#
Human Readable Output#
Cisco Firepower - List of network groups object:ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
69fa2a3a-4487-4e3c-816f-4098f684826e | any | false | 2 | 0 | |
000C29A8-BA3B-0ed3-0000-124554052162 | arseny_group | false | 0 | 3 | |
000C29A8-BA3B-0ed3-0000-124554053470 | ee | false | 2 | 0 | |
000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 | |
15b12b14-dace-4117-b9d9-a9a7dcfa356f | IPv4-Private-All-RFC1918 | false | 3 | 0 |
#
8. ciscofp-create-network-groups-objectsCreates a group of network objects.
#
Base Commandciscofp-create-network-groups-objects
#
InputArgument Name | Description | Required |
---|---|---|
name | The group name. | Required |
network_objects_id_list | A comma-separated list of object IDs to add to the group. | Optional |
network_address_list | A comma-separated list of IP addresses or CIDR ranges to add the group. | Optional |
description | The object description. | Optional |
overridable | Whether object values can be overridden. Can be TRUE or FALSE. The default is FALSE. Possible values are: false, true. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkGroups.ID | String | The network group ID. |
CiscoFP.NetworkGroups.Name | String | The network group name. |
CiscoFP.NetworkGroups.Overridable | String | Whether the network group can be overridden. |
CiscoFP.NetworkGroups.Description | String | The network group description. |
CiscoFP.NetworkGroups.Addresses.Value | String | The network group IP address or CIDR range. |
CiscoFP.NetworkGroups.Addresses.Type | String | The network group address type. |
CiscoFP.NetworkGroups.Objects.Name | String | The network group object name. |
CiscoFP.NetworkGroups.Objects.ID | String | The network group object ID. |
CiscoFP.NetworkGroups.Objects.Type | String | The network group object type. |
#
Command Example!ciscofp-create-network-groups-objects name=playbookTest3 network_address_list=8.8.8.8,4.4.4.4 description=my playbook test overridable=true
#
Context Example#
Human Readable Output#
Cisco Firepower - network group has been created.ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-133143990785 | playbookTest3 | true | my | 2 | 0 |
#
9. ciscofp-update-network-groups-objectsUpdates a group of network objects.
#
Base Commandciscofp-update-network-groups-objects
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the group to update. | Required |
network_objects_id_list | A comma-separated list of object IDs to add to the group. | Optional |
network_address_list | A comma-separated list of IP addresses or CIDR ranges to add to the group. | Optional |
description | The new description for the object. | Optional |
overridable | Whether object values can be overridden. Can be "TRUE" or "FALSE". The default is "FALSE". Possible values are: true, false. Default is false. | Optional |
update_strategy | The update method to use in the command. Can be "MERGE" or "OVERRIDE". When merging, the changes requested are added to the existing rule. When overriding, the fields with the inputs provided will be overridden and any fields that were not provided will be deleted. Possible values are: MERGE, OVERRIDE. | Optional |
name | The group name. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkGroups.ID | String | The network group ID. |
CiscoFP.NetworkGroups.Name | String | The network group name. |
CiscoFP.NetworkGroups.Overridable | String | Whether the network groups can be overridden. |
CiscoFP.NetworkGroups.Description | String | The network group description. |
CiscoFP.NetworkGroups.Addresses.Value | String | The network group IP address or CIDR range. |
CiscoFP.NetworkGroups.Addresses.Type | String | The network group address type. |
CiscoFP.NetworkGroups.Objects.Name | String | The network group object name. |
CiscoFP.NetworkGroups.Objects.ID | String | The network group object ID. |
CiscoFP.NetworkGroups.Objects.Type | String | The network group object type. |
#
Command Example!ciscofp-update-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053470 network_address_list=1.2.3.4,1.2.3.5 description=my playbook test overridable=true name=rrrff
#
Context Example#
Human Readable Output#
Cisco Firepower - network group has been updated.ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554053470 | rrrff | true | my | 2 | 0 |
#
10. ciscofp-delete-network-groups-objectsDeletes a group of network objects.
#
Base Commandciscofp-delete-network-groups-objects
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the object to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkGroups.ID | String | The network group ID. |
CiscoFP.NetworkGroups.Name | String | The network group name. |
CiscoFP.NetworkGroups.Overridable | String | Whether network groups values can be overridden. |
CiscoFP.NetworkGroups.Description | String | The network group description. |
CiscoFP.NetworkGroups.Addresses.Value | String | The network group IP address or CIDR range. |
CiscoFP.NetworkGroups.Addresses.Type | String | The network group address type. |
CiscoFP.NetworkGroups.Objects.Name | String | The network group object name |
CiscoFP.NetworkGroups.Objects.ID | String | The network group object ID. |
CiscoFP.NetworkGroups.Objects.Type | String | The network group object type. |
#
Command Example!ciscofp-delete-network-groups-objects id=000C29A8-BA3B-0ed3-0000-124554053489
#
Context Example#
Human Readable Output#
Cisco Firepower - network group - 000C29A8-BA3B-0ed3-0000-124554053489 - has been delete.ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554053489 | eee | false | 2 | 0 |
#
11. ciscofp-get-host-objectRetrieves the groups of host objects associated with the specified ID. If no ID is passed, retrieves a list of all network objects.
#
Base Commandciscofp-get-host-object
#
InputArgument Name | Description | Required |
---|---|---|
object_id | The ID of the object for which to retrieve host objects. | Optional |
limit | The number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Host.ID | String | The host ID. |
CiscoFP.Host.Name | String | The host name. |
CiscoFP.Host.Value | String | The host IP address. |
CiscoFP.Host.Overridable | String | Whether object values can be overridden. |
CiscoFP.Host.Description | String | A description of the host. |
#
Command Example!ciscofp-get-host-object
#
Context Example#
Human Readable Output#
Cisco Firepower - List host objects:ID | Name | Value | Overridable | Description |
---|---|---|---|---|
dde11d62-288b-4b4c-92e0-1dad0496f14b | any-ipv6 | ::/0 | false | |
000C29A8-BA3B-0ed3-0000-133143990104 | playbookTest2 | 1.2.3.4 | false | my |
000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
000C29A8-BA3B-0ed3-0000-103079216589 | SyslogServer | 10.8.51.161 | false |
#
12. ciscofp-create-host-objectCreates a host object.
#
Base Commandciscofp-create-host-object
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the new object. | Required |
value | The IP address. | Required |
description | A description of the new object. | Optional |
overridable | Whether object values can be overridden. Can be "TRUE" or "FALSE". The default is "FALSE". Possible values are: false, true. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Host.ID | String | The host object ID. |
CiscoFP.Host.Name | String | The host object name. |
CiscoFP.Host.Value | String | The host IP address. |
CiscoFP.Host.Overridable | String | Whether object values can be overridden. |
CiscoFP.Host.Description | String | The host object description. |
#
Command Example!ciscofp-create-host-object name=newTest322 value=1.2.3.4 description=test overridable=false
#
Context Example#
Human Readable Output#
Cisco Firepower - host object has been created.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
#
13. ciscofp-update-host-objectUpdates the specified host object.
#
Base Commandciscofp-update-host-object
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the object to update. | Required |
name | The object name. | Required |
value | The IP address. | Required |
description | The description of the object. | Optional |
overridable | Whether object values can be overridden. Can be "TRUE" or "FALSE". The default is "FALSE". Possible values are: false, true. Default is false. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Host.ID | String | The host object ID. |
CiscoFP.Host.Name | String | The host object name. |
CiscoFP.Host.Value | String | The host IP address. |
CiscoFP.Host.Overridable | String | Whether object values can be overridden. |
CiscoFP.Host.Description | String | The description of the host object. |
#
Command Example!ciscofp-update-host-object id=000C29A8-BA3B-0ed3-0000-124554052144 name=playbookTestUpdate2 value=1.2.3.5 description=my playbook test overridable=true
#
Context Example#
Human Readable Output#
Cisco Firepower - host object has been updated.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554052144 | playbookTestUpdate2 | 1.2.3.5 | true | my |
#
14. ciscofp-delete-network-objectDeletes the specified network object.
#
Base Commandciscofp-delete-network-object
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the object to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Network.ID | String | The network object ID. |
CiscoFP.Network.Name | String | The network object name. |
CiscoFP.Network.Value | String | CISR range. |
CiscoFP.Network.Overridable | String | Whether object values can be overridden. |
CiscoFP.Network.Description | String | The network object description. |
#
Command Example!ciscofp-delete-network-object id=000C29A8-BA3B-0ed3-0000-124554053327
#
Context Example#
Human Readable Output#
Cisco Firepower - network object has been deleted.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554053327 | playbookTestUpdate | 10.0.0.0/23 | true | my |
#
15. ciscofp-delete-host-objectDeletes the specified host object.
#
Base Commandciscofp-delete-host-object
#
InputArgument Name | Description | Required |
---|---|---|
id | ID of the host object to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Host.ID | String | The host object ID. |
CiscoFP.Host.Name | String | The host object name. |
CiscoFP.Host.Value | String | CIDR range. |
CiscoFP.Host.Overridable | String | Whether the object can be overridden. |
CiscoFP.Host.Description | String | The description of the host object. |
#
Command Example!ciscofp-delete-host-object id=000C29A8-BA3B-0ed3-0000-133143990598
#
Context Example#
Human Readable Output#
Cisco Firepower - host object has been deleted.ID | Name | Value | Overridable | Description |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-133143990598 | newTest322 | 1.2.3.4 | false | test |
#
16. ciscofp-get-access-policyRetrieves the access control policy associated with the specified ID. If no access policy ID is passed, all access control policies are returned.
#
Base Commandciscofp-get-access-policy
#
InputArgument Name | Description | Required |
---|---|---|
id | The access policy ID. | Optional |
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Policy.ID | String | The policy ID. |
CiscoFP.Policy.Name | String | The policy name. |
CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
#
Command Example!ciscofp-get-access-policy
#
Context Example#
Human Readable Output#
Cisco Firepower - List access policy:ID | Name | DefaultActionID |
---|---|---|
000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | 000C29A8-BA3B-0ed3-0000-000268444674 |
000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-000268440576 |
000C29A8-BA3B-0ed3-0000-133143990165 | playbookTest4 | 000C29A8-BA3B-0ed3-0000-000268444676 |
000C29A8-BA3B-0ed3-0000-124554066053 | to test | 000C29A8-BA3B-0ed3-0000-000268443677 |
#
17. ciscofp-create-access-policyCreates an access control policy.
#
Base Commandciscofp-create-access-policy
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the new access policy. | Required |
action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". Possible values are: BLOCK, TRUST, PERMIT, NETWORK_DISCOVERY. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Policy.ID | String | The policy ID. |
CiscoFP.Policy.Name | String | The policy name. |
CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
#
Command Example!ciscofp-create-access-policy name=newTest232 action=BLOCK
#
Context Example#
Human Readable Output#
Cisco Firepower - access policy has been created.ID | Name | DefaultActionID |
---|---|---|
000C29A8-BA3B-0ed3-0000-133143990627 | newTest232 |
#
18. ciscofp-update-access-policyUpdates the specified access control policy.
#
Base Commandciscofp-update-access-policy
#
InputArgument Name | Description | Required |
---|---|---|
name | The access policy name. | Required |
id | The access policy ID. | Required |
default_action_id | The default action ID. | Required |
action | The action to take. Can be "BLOCK", "TRUST", "PERMIT", or "NETWORK_DISCOVERY". Possible values are: BLOCK, TRUST, PERMIT, NETWORK_DISCOVERY. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Policy.ID | String | The policy ID. |
CiscoFP.Policy.Name | String | The policy name. |
CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
#
Command Example!ciscofp-update-access-policy action=BLOCK default_action_id=000C29A8-BA3B-0ed3-0000-000268444682 name=jj id=000C29A8-BA3B-0ed3-0000-133143991123
#
Context Example#
Human Readable Output#
Cisco Firepower - access policy has been updated.ID | Name | DefaultActionID |
---|---|---|
000C29A8-BA3B-0ed3-0000-133143991123 | jj | 000C29A8-BA3B-0ed3-0000-000268444682 |
#
19. ciscofp-delete-access-policyDeletes the specified access control policy.
#
Base Commandciscofp-delete-access-policy
#
InputArgument Name | Description | Required |
---|---|---|
id | The access policy ID. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Policy.ID | String | The policy ID. |
CiscoFP.Policy.Name | String | The policy name. |
CiscoFP.Policy.DefaultActionID | String | The default action ID of the policy. |
#
Command Example!ciscofp-delete-access-policy id=000C29A8-BA3B-0ed3-0000-133143990869
#
Context Example#
Human Readable Output#
Cisco Firepower - access policy deleted.ID | Name | DefaultActionID |
---|---|---|
000C29A8-BA3B-0ed3-0000-133143990869 | 000C29A8-BA3B-0ed3-0000-000268444680 |
#
20. ciscofp-list-security-group-tagsRetrieves a list of all custom security group tag objects.
#
Base Commandciscofp-list-security-group-tags
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.SecurityGroupTags.ID | String | The security group tag ID. |
CiscoFP.SecurityGroupTags.Name | String | The security group tag name. |
CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
#
Command Example!ciscofp-list-security-group-tags
#
Context Example#
Human Readable Output#
Cisco Firepower - List security group tags:ID | Name | Tag |
---|---|---|
8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
#
21. ciscofp-list-ise-security-group-tagRetrieves a list of all ISE security group tag objects.
#
Base Commandciscofp-list-ise-security-group-tag
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.SecurityGroupTags.ID | String | The security group tag ID. |
CiscoFP.SecurityGroupTags.Name | String | The security group tag name. |
CiscoFP.SecurityGroupTags.Tag | Number | The tag number. |
#
Command Example!ciscofp-list-ise-security-group-tag
#
Context Example#
Human Readable Output#
Cisco Firepower - List ise security group tags:ID | Name | Tag |
---|---|---|
8d9813aa-32c1-11ea-9d47-eda81976c864 | sample_tag | 1000 |
5fce8cce-aa67-11e5-816b-95eb712b72a1 | ANY | 65535 |
#
22. ciscofp-list-vlan-tagsRetrieves a list of all VLAN tag objects.
#
Base Commandciscofp-list-vlan-tags
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.VlanTags.ID | String | The VLAN tag ID. |
CiscoFP.VlanTags.Name | String | The VLAN tag name. |
CiscoFP.VlanTags.Overridable | Boolean | Whether object values can be overridden. |
CiscoFP.VlanTags.Description | String | The VLAN tag description. |
CiscoFP.VlanTags.StartTag | Number | Start tag number. |
CiscoFP.VlanTags.EndTag | Number | End tag number. |
#
Command Example!ciscofp-list-vlan-tags
#
Context Example#
Human Readable Output#
Cisco Firepower - List vlan tags:ID | Name | Overridable | Description | StartTag | EndTag |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554052529 | aaaa | false | 2013 | 2013 |
#
23. ciscofp-list-vlan-tags-groupRetrieves a list of all VLAN group tag objects.
#
Base Commandciscofp-list-vlan-tags-group
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.VlanTagsGroup.Name | String | The group name. |
CiscoFP.VlanTagsGroup.ID | String | The group ID. |
CiscoFP.VlanTagsGroup.Description | String | Description of the object. |
CiscoFP.VlanTagsGroup.Overridable | Boolean | Whether object values can be overridden. |
CiscoFP.VlanTagsGroup.Objects.Name | String | The object name. |
CiscoFP.VlanTagsGroup.Objects.ID | String | The object ID. |
CiscoFP.VlanTagsGroup.Objects.Description | String | The VLAN tag description. |
CiscoFP.VlanTagsGroup.Objects.Overridable | Boolean | Whether object values can be overridden. |
CiscoFP.VlanTagsGroup.Objects.StartTag | Number | Start tag number. |
CiscoFP.VlanTagsGroup.Objects.EndTag | Number | End tag number. |
#
Command Example!ciscofp-list-vlan-tags-group
#
Context Example#
Human Readable Output#
Cisco Firepower - List of vlan tags groups objects:ID | Name | Overridable | Description | Objects |
---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-124554057022 | forPlaybookTest | false | 0 |
#
24. ciscofp-list-applicationsRetrieves a list of all application objects.
#
Base Commandciscofp-list-applications
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Applications.Name | String | The application name. |
CiscoFP.Applications.ID | String | The application ID. |
CiscoFP.Applications.Risk | String | The application risk. |
CiscoFP.Applications.AppProductivity | String | The application productivity. |
CiscoFP.Applications.ApplicationTypes | String | The application type. |
CiscoFP.Applications.AppCategories.ID | String | The application category ID. |
CiscoFP.Applications.AppCategories.Name | String | The application category name. |
CiscoFP.Applications.AppCategories.Count | String | The application category count. |
#
Command Example!ciscofp-list-applications
#
Context Example#
Human Readable Output#
Cisco Firepower - List of applications objects:ID | Name | Risk | AppProductivity | ApplicationTypes | AppCategories |
---|---|---|---|---|---|
2325 | 050plus | Medium | Medium | 2 | 2 |
1553 | 1&1 Internet | Very Low | Low | 1 | 2 |
535 | 1-800-Flowers | Low | Very Low | 1 | 1 |
3715 | 1000mercis | Low | Very Low | 1 | 1 |
536 | 100Bao | Very High | Very Low | 2 | 1 |
1205 | 12306.cn | Very Low | High | 1 | 2 |
4164 | 123Movies | Medium | Very Low | 2 | 1 |
1206 | 126.com | Very Low | High | 1 | 1 |
2385 | 17173.com | Medium | Very Low | 2 | 1 |
4165 | 1fichier | Low | Medium | 2 | 3 |
2346 | 2345.com | Very Low | Medium | 1 | 1 |
2493 | 24/7 Media | Very Low | Very Low | 1 | 3 |
2492 | 247 Inc. | Very Low | Very Low | 1 | 3 |
537 | 2channel | Low | Very Low | 2 | 1 |
1781 | 2Leep | Medium | Low | 1 | 1 |
2419 | 33Across | Very Low | Medium | 2 | 4 |
3866 | 360 Safeguard | Low | High | 1 | 1 |
1207 | 39.net | Very Low | High | 1 | 2 |
3000 | 3Com AMP3 | Medium | Medium | 1 | 1 |
2 | 3COM-TSMUX | Very Low | High | 1 | 1 |
1256 | 4399.com | Medium | Very Low | 1 | 1 |
1079 | 4chan | Medium | Very Low | 2 | 1 |
948 | 4shared | Low | High | 2 | 1 |
1654 | 500px | Very Low | Low | 2 | 2 |
1032 | 51.com | Low | Low | 1 | 1 |
1031 | 56.com | Low | Very Low | 1 | 1 |
1649 | 58 City | Very Low | Low | 1 | 2 |
2218 | 5by5 Radio | Medium | Low | 2 | 2 |
538 | 6.pm | Low | Very Low | 1 | 1 |
959 | 7digital | Very Low | Low | 1 | 1 |
4 | 914CG | Very Low | Medium | 1 | 1 |
4167 | 9Gag | Medium | Very Low | 2 | 2 |
1087 | 9P | Very Low | High | 2 | 1 |
920 | 9p.com | Medium | Very Low | 1 | 3 |
1389 | ABC | Medium | Very Low | 2 | 3 |
2205 | Abonti | Low | Very Low | 1 | 1 |
1167 | About.com | Very Low | Medium | 1 | 1 |
4168 | ABS-CBN | Very Low | High | 2 | 3 |
5 | ACA Services | Very Low | Very High | 1 | 1 |
3024 | ACAP | Medium | Medium | 1 | 1 |
3001 | Access Network | Medium | Medium | 1 | 1 |
3002 | AccessBuilder | Medium | Medium | 1 | 1 |
1533 | AccuWeather | Very Low | Low | 1 | 3 |
539 | Ace Hardware Corporation | Low | Very Low | 1 | 1 |
2146 | Acer | Very Low | High | 1 | 1 |
4169 | AcFun | High | Very Low | 2 | 2 |
6 | ACI | Very Low | Medium | 1 | 1 |
2219 | Acoon.de | Low | Low | 2 | 2 |
7 | ACR-NEMA | Low | High | 1 | 1 |
1322 | Acrobat.com | Low | High | 1 | 1 |
#
25. ciscofp-get-access-rulesRetrieves the access control rule associated with the specified policy ID and rule ID. If no rule ID is specified, retrieves a list of all access rules associated with the specified policy ID.
#
Base Commandciscofp-get-access-rules
#
InputArgument Name | Description | Required |
---|---|---|
policy_id | The policy ID. | Required |
rule_id | The rule ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Rule.Action | String | The rule action. |
CiscoFP.Rule.Applications.ID | String | The application ID. |
CiscoFP.Rule.Applications.Name | String | The application name. |
CiscoFP.Rule.Category | String | The rule category. |
CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The IP address or CIDR range. |
CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
CiscoFP.Rule.Enabled | Number | Whether the rule is enabled. |
CiscoFP.Rule.ID | String | The rule ID. |
CiscoFP.Rule.Name | String | The rule name. |
CiscoFP.Rule.RuleIndex | Number | The rule index. |
CiscoFP.Rule.Section | String | The rule section. |
CiscoFP.Rule.SendEventsToFMC | Number | Whether the device will send events to Cisco. Firepower. |
CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The IP address or CIDR range. |
CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.SourcePorts.Addresses.Port | String | The port number. |
CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The port protocol. |
CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The VLAN tag number end tag. |
CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The VLAN tag number start tag. |
CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
#
Command Example!ciscofp-get-access-rules policy_id=000C29A8-BA3B-0ed3-0000-085899346038
#
Context Example#
Human Readable Output#
Cisco Firepower - List of access rules:ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-000268440577 | IP Any Any Any | ALLOW | true | true | 1 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
000C29A8-BA3B-0ed3-0000-000268441600 | test | ALLOW | true | false | 2 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
000C29A8-BA3B-0ed3-0000-000268442624 | arseny_rule | BLOCK | true | false | 3 | Mandatory | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
000C29A8-BA3B-0ed3-0000-000268443649 | mytest | ALLOW | true | false | 4 | Default | --Undefined-- | 3 | 2 | 2 | 4 | 2 | 3 | 2 | 3 | 3 | 2 |
000C29A8-BA3B-0ed3-0000-000268443653 | newUpdateTest | BLOCK | false | false | 5 | Default | --Undefined-- | 2 | 0 | 0 | 0 | 0 | 2 | 2 | 0 | 0 | 0 |
000C29A8-BA3B-0ed3-0000-000268444677 | playbookTest5 | ALLOW | true | false | 6 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
#
26. ciscofp-create-access-rulesCreates an access control rule.
#
Base Commandciscofp-create-access-rules
#
InputArgument Name | Description | Required |
---|---|---|
action | The rule's traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". Possible values are: ALLOW, TRUST, BLOCK, MONITOR, BLOCK_RESET, BLOCK_INTERACTIVE, BLOCK_RESET_INTERACTIVE. | Required |
rule_name | The rule name. | Required |
enabled | Whether to enable the access control rule. Possible values are: true, false. | Optional |
source_zone_object_ids | A list of source zone object IDs. To get IDs use the ciscofp-list-zones command. | Optional |
policy_id | The policy ID for which to create the new rule. | Required |
destination_zone_object_ids | A list of destination zone object IDs. To get IDs, use the ciscofp-list-zones command. | Optional |
vlan_tag_object_ids | A list of VLAN tag object IDs. To get IDs, use the ciscofp-list-vlan-tags command. | Optional |
source_network_object_ids | A list of network object IDs. To get IDs, use the ciscofp-get-network-groups-object command. | Optional |
source_network_addresses | A list of source IP addresses or CIDR ranges. To get the IP addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
destination_network_object_ids | A list of destination IP addresses or CIDR ranges. To get the addresses or ranges, use the ciscofp-get-network-object or ciscofp-get-host-object command, respectively. | Optional |
destination_network_addresses | A list of destination addresses. | Optional |
source_port_object_ids | A list of port object IDs. To get the IDs, use the ciscofp-get-network-object or ciscofp-get-host-object commands. | Optional |
destination_port_object_ids | A list of port object IDs. To get the IDs, use the ciscofp-list-ports command. | Optional |
source_security_group_tag_object_ids | A list of security group tag object IDs. To get the IDs, use the ciscofp-list-security-group-tags command. | Optional |
application_object_ids | A list of application object IDs. To get the IDs, use the ciscofp-list-applications command. | Optional |
url_object_ids | A list of URL object IDs. To get the IDs, use the ciscofp-list-url-categories command. | Optional |
url_addresses | A list of URL addresses. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
CiscoFP.Rule.Applications.ID | String | The application ID. |
CiscoFP.Rule.Applications.Name | String | The application name. |
CiscoFP.Rule.Category | String | The rule category. |
CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone ID. |
CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone name. |
CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone type. |
CiscoFP.Rule.Enabled | Number | Whether to enable the rule. |
CiscoFP.Rule.ID | String | The rule ID. |
CiscoFP.Rule.Name | String | The rule name. |
CiscoFP.Rule.RuleIndex | Number | The rule index. |
CiscoFP.Rule.Section | String | The rule section. |
CiscoFP.Rule.SendEventsToFMC | Number | Whether the device will send events to Cisco. Firepower. |
CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The VLAN tag number end tag. |
CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The VLAN tag number start tag. |
CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
#
Command Example!ciscofp-create-access-rules action=ALLOW rule_name=newTest222322 enabled=true source_network_addresses=1.2.3.4 destination_network_addresses=1.2.3.5 url_addresses=www.google.com policy_id=000C29A8-BA3B-0ed3-0000-085899346038
#
Context Example#
Human Readable Output#
Cisco Firepower - the new access rule:ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-000268444679 | newTest222322 | ALLOW | true | false | 1 | Default | --Undefined-- | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
#
27. ciscofp-update-access-rulesUpdates the specified access control rule.
#
Base Commandciscofp-update-access-rules
#
InputArgument Name | Description | Required |
---|---|---|
update_strategy | The method by which to update the rule. Can be "merge" or "override". If merged, the requested changes will be added to the existing rule. If override, the fields will be overridden with the inputs provided and fields that were not provided will be deleted. Possible values are: merge, override. | Required |
action | The rule action that determines how the system handles matching traffic. Can be "ALLOW", "TRUST", "BLOCK", "MONITOR", "BLOCK_RESET", "BLOCK_INTERACTIVE", or "BLOCK_RESET_INTERACTIVE". Possible values are: ALLOW, TRUST, BLOCK, MONITOR, BLOCK_RESET, BLOCK_INTERACTIVE, BLOCK_RESET_INTERACTIVE. | Optional |
rule_name | The rule name. | Optional |
enabled | Whether to enable the rule. The default is "TRUE". Possible values are: true, false. | Optional |
source_zone_object_ids | A list of source zones object IDs. | Optional |
policy_id | The policy ID for which to create the new rule. | Required |
destination_zone_object_ids | A list of destination zones object IDs. | Optional |
vlan_tag_object_ids | A list of VLAN tag object IDs. | Optional |
source_network_object_ids | A list of source network object IDs. | Optional |
source_network_addresses | A list of addresses. | Optional |
destination_network_object_ids | A list of destination network object IDs. | Optional |
destination_network_addresses | A list of addresses. | Optional |
source_port_object_ids | A list of source port object IDs. | Optional |
destination_port_object_ids | A list of destination port object IDs. | Optional |
source_security_group_tag_object_ids | A list of security group tag object IDs. | Optional |
application_object_ids | A list of application object IDs. | Optional |
url_object_ids | A list of URL object IDs. | Optional |
url_addresses | A list of URL addresses. | Optional |
rule_id | The ID of the rule to update. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
CiscoFP.Rule.Applications.ID | String | The application object ID. |
CiscoFP.Rule.Applications.Name | String | The application object name. |
CiscoFP.Rule.Category | String | The rule category. |
CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
CiscoFP.Rule.DestinationZones.Objects.ID | String | The destination zone object IDs. |
CiscoFP.Rule.DestinationZones.Objects.Name | String | The destination zone object names. |
CiscoFP.Rule.DestinationZones.Objects.Type | String | The destination zone object types. |
CiscoFP.Rule.Enabled | Number | Whether the rule is enabled. |
CiscoFP.Rule.ID | String | The rule ID. |
CiscoFP.Rule.Name | String | The rule name. |
CiscoFP.Rule.RuleIndex | Number | The rule index. |
CiscoFP.Rule.Section | String | The rule section. |
CiscoFP.Rule.SendEventsToFMC | Number | Whether the device will send events to Cisco. Firepower. |
CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The VLAN tag number end tag. |
CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The VLAN tag number start tag. |
CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
#
Command Example!ciscofp-update-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143987627 rule_id=000C29A8-BA3B-0ed3-0000-000268444675 update_strategy=merge enabled=false
#
Context Example#
Human Readable Output#
Cisco Firepower - access rule:ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-000268444675 | BPS-access-policy | ALLOW | false | true | 1 | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
#
28. ciscofp-delete-access-rulesDeletes the specified access control rule.
#
Base Commandciscofp-delete-access-rules
#
InputArgument Name | Description | Required |
---|---|---|
policy_id | The policy ID. | Required |
rule_id | The ID of the rule to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Rule.Action | String | The action that determines how the system handles matching traffic. |
CiscoFP.Rule.Applications.ID | String | The application object ID. |
CiscoFP.Rule.Applications.Name | String | The application object name. |
CiscoFP.Rule.Category | String | The rule category. |
CiscoFP.Rule.DestinationNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.DestinationNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.DestinationNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.DestinationNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.DestinationNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.DestinationPorts.Addresses.Port | String | The port number. |
CiscoFP.Rule.DestinationPorts.Addresses.Protocol | String | The port protocol. |
CiscoFP.Rule.DestinationPorts.Objects.ID | String | The port object ID. |
CiscoFP.Rule.DestinationPorts.Objects.Name | String | The port object name. |
CiscoFP.Rule.DestinationPorts.Objects.Protocol | String | The port object protocol. |
CiscoFP.Rule.DestinationPorts.Objects.Type | String | The port object type. |
CiscoFP.Rule.DestinationZones.Objects.ID | String | The zone IDs. |
CiscoFP.Rule.DestinationZones.Objects.Name | String | The zone names. |
CiscoFP.Rule.DestinationZones.Objects.Type | String | The zone types. |
CiscoFP.Rule.Enabled | Number | Whether the rule is enabled. |
CiscoFP.Rule.ID | String | The rule ID. |
CiscoFP.Rule.Name | String | The rule name. |
CiscoFP.Rule.RuleIndex | Number | The rule index. |
CiscoFP.Rule.Section | String | The rule section. |
CiscoFP.Rule.SendEventsToFMC | Number | Whether the device will send events to Cisco. Firepower. |
CiscoFP.Rule.SourceNetworks.Addresses.Type | String | The address type. |
CiscoFP.Rule.SourceNetworks.Addresses.Value | String | The address value. |
CiscoFP.Rule.SourceNetworks.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceNetworks.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceNetworks.Objects.Type | String | The object type. |
CiscoFP.Rule.SourcePorts.Addresses.Port | String | The address port. |
CiscoFP.Rule.SourcePorts.Addresses.Protocol | String | The address protocol. |
CiscoFP.Rule.SourcePorts.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourcePorts.Objects.Name | String | The object name. |
CiscoFP.Rule.SourcePorts.Objects.Protocol | String | The object protocol. |
CiscoFP.Rule.SourcePorts.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceSecurityGroupTags.Objects.Type | String | The object type. |
CiscoFP.Rule.SourceZones.Objects.ID | String | The object ID. |
CiscoFP.Rule.SourceZones.Objects.Name | String | The object name. |
CiscoFP.Rule.SourceZones.Objects.Type | String | The object type. |
CiscoFP.Rule.Urls.Addresses.URL | String | The URL address. |
CiscoFP.Rule.Urls.Objects.ID | String | The URL object ID. |
CiscoFP.Rule.Urls.Objects.Name | String | The URL object name. |
CiscoFP.Rule.VlanTags.Numbers.EndTag | Number | The VLAN tag number end tag. |
CiscoFP.Rule.VlanTags.Numbers.StartTag | Number | The VLAN tag number start tag. |
CiscoFP.Rule.VlanTags.Objects.ID | String | The object ID. |
CiscoFP.Rule.VlanTags.Objects.Name | String | The object name. |
CiscoFP.Rule.VlanTags.Objects.Type | String | The object type. |
#
Command Example!ciscofp-delete-access-rules policy_id=000C29A8-BA3B-0ed3-0000-133143991123 rule_id=000C29A8-BA3B-0ed3-0000-000268444684
#
Context Example#
Human Readable Output#
Cisco Firepower - deleted access rule:ID | Name | Action | Enabled | SendEventsToFMC | RuleIndex | Section | Category | Urls | VlanTags | SourceZones | Applications | DestinationZones | SourceNetworks | DestinationNetworks | SourcePorts | DestinationPorts | SourceSecurityGroupTags |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-000268444684 | hgf | ALLOW | false | false | Default | --Undefined-- | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
#
29. ciscofp-list-policy-assignmentsRetrieves the policy assignment associated with the specified ID. If no ID is specified, retrieves a list of all policy assignments to target devices.
#
Base Commandciscofp-list-policy-assignments
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
policy_assignment_id | The policy assignment ID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.PolicyAssignments.ID | String | The policy assignment ID. |
CiscoFP.PolicyAssignments.Name | String | The policy assignment name. |
CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
CiscoFP.PolicyAssignments.Targets.ID | String | The target ID. |
CiscoFP.PolicyAssignments.Targets.Name | String | The target name. |
CiscoFP.PolicyAssignments.Targets.Type | String | The target type. |
#
Command Example!ciscofp-list-policy-assignments
#
Context Example#
Human Readable Output#
Cisco Firepower - List of policy assignments:ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-133143987627 | BPS tst | BPS tst | 000C29A8-BA3B-0ed3-0000-133143987627 | 1 |
#
30. ciscofp-create-policy-assignmentsCreates policy assignments to target devices.
#
Base Commandciscofp-create-policy-assignments
#
InputArgument Name | Description | Required |
---|---|---|
policy_id | The policy ID. | Required |
device_ids | A list of device IDs. | Optional |
device_group_ids | A list of device group IDs. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.PolicyAssignments.ID | String | The policy assignment ID. |
CiscoFP.PolicyAssignments.Name | String | The policy assignment name. |
CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
CiscoFP.PolicyAssignments.Targets.ID | String | The target ID. |
CiscoFP.PolicyAssignments.Targets.Name | String | The target name. |
CiscoFP.PolicyAssignments.Targets.Type | String | The target type. |
#
Command Example!ciscofp-create-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
#
Context Example#
Human Readable Output#
Cisco Firepower - Policy assignments has been done.ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
#
31. ciscofp-update-policy-assignmentsUpdates the specified policy assignments to target devices.
#
Base Commandciscofp-update-policy-assignments
#
InputArgument Name | Description | Required |
---|---|---|
policy_id | The policy ID. | Optional |
device_ids | A list of device IDs. | Optional |
device_group_ids | A list of device group IDs. | Optional |
update_strategy | Update method to use in the command. Can be "MERGE" or "OVERRIDE". If merged, the requested changes will be added to the existing rule. If override, the fields will be overridden with the inputs provided and fields that were not provided will be deleted. Possible values are: MERGE, OVERRIDE. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.PolicyAssignments.ID | String | The policy assignment IDs. |
CiscoFP.PolicyAssignments.Name | String | The policy assignment names. |
CiscoFP.PolicyAssignments.PolicyDescription | String | The policy description. |
CiscoFP.PolicyAssignments.PolicyID | String | The policy ID. |
CiscoFP.PolicyAssignments.PolicyName | String | The policy name. |
CiscoFP.PolicyAssignments.Targets.ID | String | The target IDs. |
CiscoFP.PolicyAssignments.Targets.Name | String | The target names. |
CiscoFP.PolicyAssignments.Targets.Type | String | The target types. |
#
Command Example!ciscofp-update-policy-assignments policy_id=000C29A8-BA3B-0ed3-0000-085899346038
#
Context Example#
Human Readable Output#
Cisco Firepower - Policy assignments has been done.ID | Name | PolicyName | PolicyID | PolicyDescription | Targets |
---|---|---|---|---|---|
000C29A8-BA3B-0ed3-0000-085899346038 | Performance Test Policy without AMP | Performance Test Policy without AMP | 000C29A8-BA3B-0ed3-0000-085899346038 | 0 |
#
32. ciscofp-get-deployable-devicesRetrieves a list of all devices with configuration changes that are ready to deploy.
#
Base Commandciscofp-get-deployable-devices
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
container_uuid | The container UUID. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.DeployableDevices.CanBeDeployed | String | Devices that can be deployed. |
CiscoFP.DeployableDevices.UpToDate | String | Devices that are up to date. |
CiscoFP.DeployableDevices.DeviceID | String | The device ID. |
CiscoFP.DeployableDevices.DeviceName | String | The device name. |
CiscoFP.DeployableDevices.DeviceType | String | The device type. |
CiscoFP.DeployableDevices.Version | String | The device version. |
CiscoFP.PendingDeployment.ID | String | The device ID. |
CiscoFP.PendingDeployment.Name | String | The device name. |
CiscoFP.PendingDeployment.Type | String | The device type. |
CiscoFP.PendingDeployment.Status | String | The device status. |
CiscoFP.PendingDeployment.StartTime | String | The start time of the deployment. |
CiscoFP.PendingDeployment.EndTime | String | The end time of the deployment. |
#
Command Example!ciscofp-get-deployable-devices container_uuid=a24eca98-7a3a-11eb-999c-cdd9570e11cf
#
Human Readable Output#
Cisco Firepower - List of devices status pending deployment:EndTime | ID | Name | StartTime | Status | Type |
---|---|---|---|---|---|
1618225761 | 00224867-78A7-0ed3-0000-128849018939 | api_user_job_2021-04-12 11:08:43.523 | 1618225723 | PARTIALLY_SUCCEEDED | Deployment |
#
33. ciscofp-get-device-recordsRetrieves a list of all device records.
#
Base Commandciscofp-get-device-records
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of items to return. The default is 50. | Optional |
offset | Index of the first item to return. The default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.DeviceRecords.DeviceGroupID | String | The device group ID. |
CiscoFP.DeviceRecords.HostName | String | The device host. |
CiscoFP.DeviceRecords.ID | String | The device ID. |
CiscoFP.DeviceRecords.Name | String | The device name. |
CiscoFP.DeviceRecords.Type | String | The device type. |
#
Command Example!ciscofp-get-device-records
#
Context Example#
Human Readable Output#
Cisco Firepower - List of device records:ID | Name | HostName | Type | DeviceGroupID |
---|---|---|---|---|
43e032dc-07c5-11ea-b83d-d5fdc079bf65 | FTD_10.8.49.209 | 10.8.49.209 | Device | 31b082e4-32c5-11ea-9d47-eda81976c864 |
#
34. ciscofp-deploy-to-devicesCreates a request for deploying configuration changes to devices.
#
Base Commandciscofp-deploy-to-devices
#
InputArgument Name | Description | Required |
---|---|---|
force_deploy | Whether to force deployment. Can be "TRUE" or "FALSE". Possible values are: true, false. | Required |
ignore_warning | Whether to ignore warning. Can be "TRUE" or "FALSE". Possible values are: true, false. | Required |
device_ids | A list of device IDs. | Required |
version | The version to deploy. To get versions, use the ciscofp-get-deployable-devices command. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.Deploy.TaskID | String | The task ID. |
CiscoFP.Deploy.ForceDeploy | String | Whether to force deploy. |
CiscoFP.Deploy.IgnoreWarning | String | Whether to ignore warning. |
CiscoFP.Deploy.Version | String | The policy version. |
CiscoFP.Deploy.DeviceList | String | The list of devices. |
#
Command Example!ciscofp-deploy-to-devices device_ids=43e032dc-07c5-11ea-b83d-d5fdc079bf65 force_deploy=false ignore_warning=false version=1585679109082
#
Context Example#
Human Readable Output#
Cisco Firepower - devices requests to deploy.TaskID | ForceDeploy | IgnoreWarning | Version | DeviceList |
---|---|---|---|---|
133143991633 | false | false | 1585679109082 | 1 |
#
ciscofp-get-task-statusRetrieves information about a previously submitted pending job or task with the specified ID. Used for deploying.
#
Base Commandciscofp-get-task-status
#
InputArgument Name | Description | Required |
---|---|---|
task_id | The ID of the task for which to check the status. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.TaskStatus.Status | String | The task status. |
#
Command Example!ciscofp-get-task-status task_id=133143991633
#
Context Example#
Human Readable Output#
Cisco Firepower - 133143991633 status:Status |
---|
Deployed |
#
36. ciscofp-get-url-groups-objectRetrieves the groups of URL objects and addresses associated with the specified ID. If not supplied, retrieves a list of all URL objects.
#
Base Commandciscofp-get-url-groups-object
#
InputArgument Name | Description | Required |
---|---|---|
id | The group ID. If not supplied, retrieves a list of all URL objects. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.URLGroups.ID | string | The group ID. |
CiscoFP.URLGroups.Name | string | The group name. |
CiscoFP.URLGroups.Overridable | string | Whether objects can be overridden. |
CiscoFP.URLGroups.Description | string | The group description. |
CiscoFP.URLGroups.Addresses.Value | string | The group addresses. |
CiscoFP.URLGroups.Objects.Name | string | The group object name. |
CiscoFP.URLGroups.Objects.ID | string | The object ID. |
CiscoFP.URLGroups.Objects.Type | string | The object type. |
#
Command Example!ciscofp-get-url-groups-object id=00224867-78A7-0ed3-0000-004294969111
#
Human Readable Output#
Cisco Firepower - url group object:ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
00224867-78A7-0ed3-0000-004294969111 | xxx_Proactive_Response_URL | true | 2000 | 0 |
#
37. ciscofp-update-url-groups-objectsUpdates the ID of a group of URL objects.
#
Base Commandciscofp-update-url-groups-objects
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the group to update. | Required |
url_objects_id_list | A comma-separated list of object IDs to add the URL. | Optional |
url_list | A comma-separated list of URLs to add the group. | Optional |
description | The new description for the object. | Optional |
overridable | Whether object values can be overridden. Possible values are: true, false. Default is false. | Optional |
name | The group name. | Optional |
update_strategy | Update method to use in the command. Can be "MERGE" or "OVERRIDE". If merged, the requested changes will be added to the existing rule. If override, the fields will be overridden with the inputs provided and fields that were not provided will be deleted. Possible values are: MERGE, OVERRIDE. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.URLGroups.Addresses.Type | string | The address types in the group object. |
CiscoFP.URLGroups.Addresses.Url | string | The address URLs in the group object. |
CiscoFP.URLGroups.Description | string | The group description. |
CiscoFP.URLGroups.ID | string | The group ID. |
CiscoFP.URLGroups.Name | string | The group name. |
CiscoFP.URLGroups.Objects | unknown | The group object information. |
CiscoFP.URLGroups.Overridable | string | Whether objects can be overridden. |
#
Command Example!ciscofp-update-url-groups-objects id=00224867-78A7-0ed3-0000-004294969111 name=XXX_Proactive_Response_URL url_list=1.1.1.1
#
Human Readable Output#
Cisco Firepower - url group has been updated.ID | Name | Overridable | Description | Addresses | Objects |
---|---|---|---|---|---|
00224867-78A7-0ed3-0000-004294969111 | XXX_Proactive_Response_URL | false | 1 | 0 |
#
38. ciscofp-upload-intrusion-rule-fileImports or validates custom Snort 3 intrusion rules within a file. Import arguments: rule_import_mode, rule_group_ids.
#
Base Commandciscofp-upload-intrusion-rule-file
#
InputArgument Name | Description | Required |
---|---|---|
entry_id | A file containing the custom Snort 3 intrusion rules. Supported file formats are .rules and .txt. | Required |
rule_import_mode | Merge or replace the rules in the rule groups. Possible values are: MERGE, REPLACE. | Optional |
rule_group_ids | A comma-separated list of rule groups to which rules should belong. Example are group-id1,group-id2. This is required when importing rules and can be acquired from: ciscofp-list-intrusion-rule-group. | Optional |
validate_only | Define whether to validate or to validate and import rules. True is the default value and sets that rules should be validated and not imported. Possible values are: True, False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRuleUpload.summary.type | String | Type of the response object. This value is always ruleimportsummary. |
CiscoFP.IntrusionRuleUpload.summary.deleted.type | String | Type of the response object. This value is always ruleimportsummaryentry. |
CiscoFP.IntrusionRuleUpload.summary.deleted.count | Number | The number of deleted rules. By default shows 0. |
CiscoFP.IntrusionRuleUpload.summary.deleted.rules | String | Details of deleted rules in the format GID:SID. |
CiscoFP.IntrusionRuleUpload.summary.added.type | String | Type of the response object. This value is always ruleimportsummaryentry. |
CiscoFP.IntrusionRuleUpload.summary.added.count | Number | The number of added rules. By default shows 0. |
CiscoFP.IntrusionRuleUpload.summary.added.rules | String | Details of added rules in the format GID:SID. |
CiscoFP.IntrusionRuleUpload.summary.unassociated.type | String | Type of the response object. This value is always ruleimportsummaryentry. |
CiscoFP.IntrusionRuleUpload.summary.unassociated.count | Number | The number of unassociated rules. By default shows 0. |
CiscoFP.IntrusionRuleUpload.summary.unassociated.rules | String | Details of unassociated rules in the format GID:SID. |
CiscoFP.IntrusionRuleUpload.summary.updated.type | String | Type of the response object. This value is always ruleimportsummaryentry. |
CiscoFP.IntrusionRuleUpload.summary.updated.count | Number | The number of updated rules. By default shows 0. |
CiscoFP.IntrusionRuleUpload.summary.updated.rules | String | Details of updated rules in the format GID:SID. |
CiscoFP.IntrusionRuleUpload.summary.skipped.type | String | Type of the response object. This value is always ruleimportsummaryentry. |
CiscoFP.IntrusionRuleUpload.summary.skipped.count | Number | The number of skipped rules. By default shows 0. |
CiscoFP.IntrusionRuleUpload.summary.skipped.rules | String | Details of skipped rules in the format GID:SID. |
CiscoFP.IntrusionRuleUpload.validateOnly | String | Specifies if rules should be validated or validated and imported. Default value is true. |
CiscoFP.IntrusionRuleUpload.ruleImportMode | String | The rule import mode. Can be either MERGE or REPLACE. |
CiscoFP.IntrusionRuleUpload.files.path | String | The file path. |
CiscoFP.IntrusionRuleUpload.files.attrib | String | The file attribute, payloadFile. |
CiscoFP.IntrusionRuleUpload.files.name | String | The file name. |
CiscoFP.IntrusionRuleUpload.files.id | String | The file ID. |
CiscoFP.IntrusionRuleUpload.files.type | String | The file type. |
CiscoFP.IntrusionRuleUpload.ruleGroups.id | String | Snort 3 intrusion rule group ID. |
CiscoFP.IntrusionRuleUpload.ruleGroups.name | String | Snort 3 intrusion rule group name. |
CiscoFP.IntrusionRuleUpload.ruleGroups.type | String | Type of the response object. This value is always IntrusionRuleGroup. |
#
Command example!ciscofp-upload-intrusion-rule-file validate_only=True entry_id=7110@117def34-6ca2-4db3-86eb-c9378ad46e65
#
Context Example#
Human Readable Output#
Intrusion Rule Upload Information
Added Count Added Rules Updated Count Deleted Count Skipped Count Unassociated Count 2 2000:1011234,
2000:10112330 0 0 0
#
39. ciscofp-list-intrusion-ruleRetrieves the Snort3 Intrusion rule group. If no ID is specified, it retrieves a list of all Snort3 Intrusion rule groups. Default list size is 50. GET argument: intrusion_rule_id | LIST arguments: sort, filter, expanded_response, limit, page, page_size.
#
Base Commandciscofp-list-intrusion-rule
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_rule_id | Snort 3 intrusion rule ID. | Optional |
expanded_response | Whether to display an expanded response with a list of objects with additional attributes. Possible values are: True, False. | Optional |
sort | Sorting parameters to be provided e.g. sid,-sid,gid,-gid,msg,-msg. | Optional |
filter | Filter the results. Can be any of the following formats: "gid:123;sid:456" or "fts:789" or "overrides:true;ipspolicy:{uuid1,uuid2,...}, where "ipspolicy" is a comma-separated list of Snort 3 Intrusion Policy IDs. | Optional |
limit | The number of items to return. | Optional |
page | The number of pages to return. | Optional |
page_size | The number of items to return in a page. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRule.type | String | Type of the response object. This value is always IntrusionRule. |
CiscoFP.IntrusionRule.id | String | The intrusion rule ID. |
CiscoFP.IntrusionRule.name | String | The intrusion rule name. |
CiscoFP.IntrusionRule.gid | Number | The generator identifier (GID) used to identify the part of Snort which generates an event. |
CiscoFP.IntrusionRule.sid | Number | The signature identifier (SID) used to uniquely identify Snort rules. |
CiscoFP.IntrusionRule.revision | Number | The revision number of a given Snort rule. Incremented by one each time a change is made to a rule. |
CiscoFP.IntrusionRule.isSystemDefined | Boolean | Read-only field indicating if the rule is system-defined (i.e., Talos provided). If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRule.msg | String | User-defined rule description. |
CiscoFP.IntrusionRule.ruleData | String | The details of the rule based on which rule created or updated. |
CiscoFP.IntrusionRule.description | String | User-defined resource description. |
CiscoFP.IntrusionRule.overrideState | String | The override state of the rule. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.defaultState | String | The default rule state. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.ruleAction.defaultState | String | The default rule state for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.overrideState | String | The override state of the rule for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.policy.name | String | The intrusion policy name |
CiscoFP.IntrusionRule.ruleAction.policy.id | String | The intrusion Policy ID |
CiscoFP.IntrusionRule.ruleAction.policy.type | String | The type must be intrusionpolicy |
CiscoFP.IntrusionRule.ruleAction.policy.isSystemDefined | Boolean | Whether the rule is system-defined or user-defined. If the value is false, then rule is user-defined. |
CiscoFP.IntrusionRule.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRule.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRule.metadata.domain.type | String | The domain type (fixed). |
CiscoFP.IntrusionRule.ruleGroups.name | String | User-defined resource name. |
CiscoFP.IntrusionRule.ruleGroups.id | String | The resource ID. |
CiscoFP.IntrusionRule.ruleGroups.type | String | The resource response object. |
#
Command example!ciscofp-list-intrusion-rule limit=3
#
Context Example#
Human Readable Output#
Fetched Intrusion Rule Information
ID Name c45009b0-b6c7-5573-af40-971531d4513c 116:109 bada5682-05cb-521e-9f8c-f4b941f2e48e 112:3 ebf34a54-0864-5e9e-a8fb-803a942ac199 112:4
#
40. ciscofp-create-intrusion-ruleCreates or overrides the Snort 3 Intrusion rule group with the specified parameters. Guide to Snort 3 rule writing: https://docs.snort.org/welcome.
#
Base Commandciscofp-create-intrusion-rule
#
InputArgument Name | Description | Required |
---|---|---|
rule_data | The Snort Rule structure data. Guide to Snort rule structure: https://docs.snort.org/rules/. | Required |
rule_group_ids | Rule group IDs in a comma-separated list. Can be acquired from: ciscofp-list-intrusion-rule-group. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRule.type | String | The response object type. This value is always IntrusionRule. |
CiscoFP.IntrusionRule.id | String | The intrusion rule ID. |
CiscoFP.IntrusionRule.name | String | The intrusion rule name. |
CiscoFP.IntrusionRule.gid | Number | The generator ID (GID) used to identify the part of Snort that generated an event. |
CiscoFP.IntrusionRule.sid | Number | The signature ID (SID) used to uniquely identify Snort rules. |
CiscoFP.IntrusionRule.revision | Number | The revision number of a given Snort rule. Incremented by one each time a change is made to a rule. |
CiscoFP.IntrusionRule.isSystemDefined | Boolean | Read-only field indicating if the rule is system-defined (i.e., Talos provided). If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRule.msg | String | User-provided rule description. |
CiscoFP.IntrusionRule.ruleData | String | The details of the rule based on which rule created or updated. |
CiscoFP.IntrusionRule.description | String | User provided resource description. |
CiscoFP.IntrusionRule.overrideState | String | The override state of the rule. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.defaultState | String | The rule default state. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.ruleAction.defaultState | String | The rule default state for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.overrideState | String | The rule override state for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.policy.name | String | The intrusion policy name. |
CiscoFP.IntrusionRule.ruleAction.policy.id | String | The intrusion Policy ID |
CiscoFP.IntrusionRule.ruleAction.policy.type | String | The type must be intrusionpolicy |
CiscoFP.IntrusionRule.ruleAction.policy.isSystemDefined | Boolean | Whether the rule is system-defined or user-defined. If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRule.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRule.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRule.metadata.domain.type | String | The domain type (fixed). |
CiscoFP.IntrusionRule.ruleGroups.name | String | User-defined resource name. |
CiscoFP.IntrusionRule.ruleGroups.id | String | The resource ID. |
CiscoFP.IntrusionRule.ruleGroups.type | String | The resource response object. |
#
Command example!ciscofp-create-intrusion-rule rule_data="alert ( gid:1; sid:1011226; rev:1; msg:\"This is a test rule\";)" rule_group_ids="005056A6-3FB1-0ed3-0000-004294971373"
#
Context Example#
Human Readable Output#
Created Intrusion Rule Information
ID Name Snort ID Revision Rule Data Rule Group 005056A6-3FB1-0ed3-0000-004294995730 2000:1011226 1011226 1 alert ( gid:2000; sid:1011226; rev:1; msg:"This is a test rule"; classtype:unknown; ) {'name': 'TestGroupUpdate12', 'id': '005056A6-3FB1-0ed3-0000-004294971373', 'type': 'IntrusionRuleGroup'}
#
41. ciscofp-update-intrusion-ruleModifies the Snort3 Intrusion rule group with the specified ID. You must enter one or both of the following: rule_data | rule_group_ids. The variable that was not entered will remain the same. If merging, rule_group_ids must be entered.
#
Base Commandciscofp-update-intrusion-rule
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_rule_id | The Snort 3 intrusion rule ID. | Required |
rule_data | The Snort rule structure data. Guide to Snort rule structure: https://docs.snort.org/rules/. | Optional |
rule_group_ids | Rule group IDs in a comma-separated list. Can be acquired from: ciscofp-list-intrusion-rule-group. | Optional |
update_strategy | The update method to use in the command. Can be "MERGE" or "OVERRIDE". If "MERGE" is used, new rule groups will be appended. If "OVERRIDE" is used, old rule groups will be overwritten. Possible values are: MERGE, OVERRIDE. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRule.type | String | The response object type. This value is always IntrusionRule. |
CiscoFP.IntrusionRule.id | String | The intrusion rule ID. |
CiscoFP.IntrusionRule.name | String | The intrusion rule name. |
CiscoFP.IntrusionRule.gid | Number | The generator identifier (GID) used to identify the part of Snort that generated an event. |
CiscoFP.IntrusionRule.sid | Number | The signature identifier (SID) used to uniquely identify Snort rules. |
CiscoFP.IntrusionRule.revision | Number | The revision number of a given Snort rule. Incremented by one each time a change is made to a rule. |
CiscoFP.IntrusionRule.isSystemDefined | Boolean | Read-only field indicating if the rule is system-defined (i.e., Talos provided). If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRule.msg | String | User-provided rule description. |
CiscoFP.IntrusionRule.ruleData | String | The details of the rule based on which rule created or updated. |
CiscoFP.IntrusionRule.description | String | User provided resource description. |
CiscoFP.IntrusionRule.overrideState | String | The override state of the rule. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.defaultState | String | The default rule state. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT. |
CiscoFP.IntrusionRule.ruleAction.defaultState | String | The default rule state for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.overrideState | String | The override state of the rule for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE. |
CiscoFP.IntrusionRule.ruleAction.policy.name | String | The intrusion policy name. |
CiscoFP.IntrusionRule.ruleAction.policy.id | String | The intrusion Policy ID. |
CiscoFP.IntrusionRule.ruleAction.policy.type | String | The type must be intrusionpolicy. |
CiscoFP.IntrusionRule.ruleAction.policy.isSystemDefined | Boolean | Whether the rule is system-defined or user-defined. If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRule.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRule.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRule.metadata.domain.type | String | The domain type (fixed). |
CiscoFP.IntrusionRule.ruleGroups.name | String | User-defined resource name. |
CiscoFP.IntrusionRule.ruleGroups.id | String | The resource ID. |
CiscoFP.IntrusionRule.ruleGroups.type | String | The resource response object. |
#
Command example!ciscofp-update-intrusion-rule intrusion_rule_id=005056A6-3FB1-0ed3-0000-004294994716 rule_group_ids="005056A6-3FB1-0ed3-0000-004294971373"
#
Context Example#
Human Readable Output#
Updated Intrusion Rule Information
ID Name Snort ID Revision Rule Data Rule Group 005056A6-3FB1-0ed3-0000-004294994716 2000:1011225 1011225 1 alert ( gid:2000; sid:1011225; rev:1; msg:"This is a test rule"; classtype:unknown; ) {'name': 'TestGroupUpdate12', 'id': '005056A6-3FB1-0ed3-0000-004294971373', 'type': 'IntrusionRuleGroup'}
#
42. ciscofp-delete-intrusion-ruleDeletes the specified Snort3 rule.
#
Base Commandciscofp-delete-intrusion-rule
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_rule_id | The Snort 3 intrusion rule ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!ciscofp-delete-intrusion-rule intrusion_rule_id=005056A6-3FB1-0ed3-0000-004294994716
#
Human Readable Output#
Deleted Intrusion Rule Information
ID Name Snort ID Revision Rule Data Rule Group 005056A6-3FB1-0ed3-0000-004294994716 2000:1011225 1011225 1 alert ( gid:2000; sid:1011225; rev:1; msg:"This is a test rule"; classtype:unknown; ) {'name': 'TestGroupUpdate12', 'id': '005056A6-3FB1-0ed3-0000-004294971373', 'type': 'IntrusionRuleGroup'}
#
43. ciscofp-list-intrusion-policyRetrieves the intrusion policy associated with the specified ID. If no ID is specified, retrieves a list of all intrusion policies. Default list size is 50. GET arguments: intrusion_policy_id, include_count | LIST arguments: expanded_response, limit, page, page_size.
#
Base Commandciscofp-list-intrusion-policy
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_policy_id | The intrusion policy ID. | Optional |
include_count | Whether the number of rules should be included in the response. Possible values are: True, False. | Optional |
expanded_response | Whether to display an expanded response with a list of objects with additional attributes. Possible values are: True, False. | Optional |
limit | The number of items to return. | Optional |
page | The number of pages to return. | Optional |
page_size | The number of items to return in a page. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionPolicy.name | String | The intrusion policy name. |
CiscoFP.IntrusionPolicy.id | String | The intrusion policy ID. |
CiscoFP.IntrusionPolicy.type | String | The type of object. This value is always "intrusionpolicy". |
CiscoFP.IntrusionPolicy.description | String | The intrusion policy description. |
CiscoFP.IntrusionPolicy.inlineDrop | Number | The inspection mode for Snort 2 engine only. Can be 0 or 1. |
CiscoFP.IntrusionPolicy.version | String | The version number of the response object. |
CiscoFP.IntrusionPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.IntrusionPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.type | String | The object type. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.IntrusionPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.IntrusionPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.IntrusionPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-list-intrusion-policy limit=3
#
Context Example#
Human Readable Output#
Fetched Intrusion Policy Information
ID Name 6c66b83c-bc23-55b6-879d-c4d847443503 Balanced Security and Connectivity 4cba6c52-6a07-54cd-a324-5bb7be06a484 Connectivity Over Security 005056A6-3FB1-0ed3-0000-004294975537 Lior Tes
#
44. ciscofp-create-intrusion-policyCreates an intrusion policy with the specified parameters. This command may take a while, you can set the "execution-timeout" field if necessary (X > 300).
#
Base Commandciscofp-create-intrusion-policy
#
InputArgument Name | Description | Required |
---|---|---|
name | The intrusion policy name. | Required |
description | The intrusion policy description. | Optional |
basepolicy_id | The base intrusion policy ID. Can be acquired from: ciscofp-list-intrusion-policy. | Required |
inspection_mode | The inspection mode for Snort 3 engine. Can be either DETECTION or PREVENTION. Possible values are: DETECTION, PREVENTION. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionPolicy.name | String | The intrusion policy name. |
CiscoFP.IntrusionPolicy.id | String | The intrusion policy ID. |
CiscoFP.IntrusionPolicy.type | String | The object type. This value is always "intrusionpolicy". |
CiscoFP.IntrusionPolicy.description | String | The intrusion policy description. |
CiscoFP.IntrusionPolicy.inlineDrop | Number | The inspection mode for Snort 2 engine only. Can be 0 or 1. |
CiscoFP.IntrusionPolicy.version | String | The response object version number. |
CiscoFP.IntrusionPolicy.inspectionMode | String | The inspection mode for Snort 3 engine. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.IntrusionPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.type | String | The object type. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.IntrusionPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.IntrusionPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.IntrusionPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-create-intrusion-policy name=TestDocs2IntrusionPolicy basepolicy_id=005056A6-3FB1-0ed3-0000-004294969533
#
Context Example#
Human Readable Output#
Created Intrusion Policy Information
ID Name Inspection Mode Base Policy ID 005056A6-3FB1-0ed3-0000-004294995587 TestDocs2IntrusionPolicy DETECTION 005056A6-3FB1-0ed3-0000-004294969533
#
45. ciscofp-update-intrusion-policyModifies the intrusion policy associated with the specified ID. This command may take a while, you can set the "execution-timeout" field if necessary (X > 300).
#
Base Commandciscofp-update-intrusion-policy
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_policy_id | The intrusion policy ID. | Required |
replicate_inspection_mode | Whether to replicate inspection mode from Snort 3 to Snort 2. Possible values are: True, False. | Optional |
name | The intrusion policy name. | Optional |
description | The intrusion policy description. | Optional |
basepolicy_id | The base intrusion policy ID. Can be acquired from: ciscofp-list-intrusion-policy. | Optional |
inspection_mode | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. Possible values are: DETECTION, PREVENTION. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionPolicy.name | String | The intrusion policy name. |
CiscoFP.IntrusionPolicy.id | String | The intrusion policy ID. |
CiscoFP.IntrusionPolicy.type | String | The object type. This value is always "intrusionpolicy". |
CiscoFP.IntrusionPolicy.description | String | The intrusion policy description. |
CiscoFP.IntrusionPolicy.inlineDrop | Number | The inspection mode for Snort 2 engine only. Can be 0 or 1. |
CiscoFP.IntrusionPolicy.version | String | The response object version number. |
CiscoFP.IntrusionPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.IntrusionPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.type | String | The object type. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.IntrusionPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.IntrusionPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.IntrusionPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.IntrusionPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.IntrusionPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.IntrusionPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.IntrusionPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.IntrusionPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-update-intrusion-policy intrusion_policy_id=005056A6-3FB1-0ed3-0000-004294994664 name=TestIntrusionPolicyToDelete
#
Context Example#
Human Readable Output#
Updated Intrusion Policy Information
ID Name Inspection Mode Base Policy ID 005056A6-3FB1-0ed3-0000-004294994664 TestIntrusionPolicyToDelete DETECTION 005056A6-3FB1-0ed3-0000-004294969533
#
46. ciscofp-delete-intrusion-policyDeletes the intrusion policy associated with the specified ID.
#
Base Commandciscofp-delete-intrusion-policy
#
InputArgument Name | Description | Required |
---|---|---|
intrusion_policy_id | The intrusion policy ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!ciscofp-delete-intrusion-policy intrusion_policy_id=005056A6-3FB1-0ed3-0000-004294994664
#
Human Readable Output#
Deleted Intrusion Policy Information
ID Name Inspection Mode Base Policy ID 005056A6-3FB1-0ed3-0000-004294994664 TestIntrusionPolicyToDelete DETECTION 005056A6-3FB1-0ed3-0000-004294969533
#
47. ciscofp-list-intrusion-rule-groupRetrieves the Snort 3 intrusion rule group. If no ID is specified, retrieves a list of all Snort 3 Intrusion rule groups. The default list size is 50. GET arguments: rule_group_id | LIST arguments: expanded_response, filter, limit, page, page_size.
#
Base Commandciscofp-list-intrusion-rule-group
#
InputArgument Name | Description | Required |
---|---|---|
rule_group_id | The Snort 3 intrusion rule group ID. | Optional |
expanded_response | Whether to display an expanded response with a list of objects with additional attributes. Possible values are: True, False. | Optional |
filter | Filter the results. Can be any of the following formats: "name:Browser/Firefox" or "currentSecurityLevel:DISABLED" or "showonlyparents:{true/false}" or "includeCount:true". | Optional |
limit | The number of items to return. | Optional |
page | The number of pages to return. | Optional |
page_size | The number of items to return in a page. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRuleGroup.name | String | The name of the Snort 3 intrusion rule group. |
CiscoFP.IntrusionRuleGroup.id | String | The Snort 3 intrusion rule group ID. |
CiscoFP.IntrusionRuleGroup.type | String | The response object type. This value is always IntrusionRuleGroup. |
CiscoFP.IntrusionRuleGroup.isSystemDefined | Boolean | Read-only field indicating if the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRuleGroup.description | String | Description of the Snort 3 intrusion rule group. |
CiscoFP.IntrusionRuleGroup.version | String | The rule group version. |
CiscoFP.IntrusionRuleGroup.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.name | String | The rule group name associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.id | String | The rule group ID associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.type | String | The rule group type associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.isSystemDefined | Boolean | Read-only field indicating whether the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule group is user-defined. |
CiscoFP.IntrusionRuleGroup.childGroups.description | String | Description of rule group associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionRuleGroup.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.metadata.domain.type | String | The domain type. |
#
Command example!ciscofp-list-intrusion-rule-group limit=3
#
Context Example#
Human Readable Output#
Fetched Intrusion Rule Group Information
ID Name a836656c-4557-11ed-887b-6a7885e25dab Local Rules 20deb0ce-82c9-55c2-891c-46662ae4ff37 Browser bef5d060-3e6b-5ef1-ba2f-d17e92b1c04e Server
#
48. ciscofp-create-intrusion-rule-groupCreates or overrides the Snort 3 intrusion rule group with the specified parameters.
#
Base Commandciscofp-create-intrusion-rule-group
#
InputArgument Name | Description | Required |
---|---|---|
name | The Snort 3 intrusion rule group name. | Required |
description | The Snort 3 intrusion rule group description. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRuleGroup.name | String | The Snort 3 intrusion rule group name. |
CiscoFP.IntrusionRuleGroup.id | String | The Snort 3 intrusion rule group ID. |
CiscoFP.IntrusionRuleGroup.type | String | The response object type. This value is always IntrusionRuleGroup. |
CiscoFP.IntrusionRuleGroup.isSystemDefined | Boolean | Read-only field indicating whether the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule is user-defined. |
CiscoFP.IntrusionRuleGroup.description | String | The Snort 3 intrusion rule group description. |
CiscoFP.IntrusionRuleGroup.version | String | The rule group version. |
CiscoFP.IntrusionRuleGroup.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.name | String | The rule group name associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.id | String | The rule group ID associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.type | String | The rule group type associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.isSystemDefined | Boolean | Read-only field indicating whether the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule group is user-defined. |
CiscoFP.IntrusionRuleGroup.childGroups.description | String | Description of the rule group associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionRuleGroup.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.metadata.domain.type | String | The domain type. |
#
Command example!ciscofp-create-intrusion-rule-group name=TestRuleGroupDocs2
#
Context Example#
Human Readable Output#
Created Intrusion Rule Group Information
ID Name 005056A6-3FB1-0ed3-0000-004294995782 TestRuleGroupDocs2
#
49. ciscofp-update-intrusion-rule-groupModifies the Snort 3 intrusion rule group with the specified ID.
#
Base Commandciscofp-update-intrusion-rule-group
#
InputArgument Name | Description | Required |
---|---|---|
rule_group_id | The Snort 3 intrusion rule group ID. | Required |
name | The Snort 3 intrusion rule group name. | Required |
description | The Snort 3 intrusion rule group description. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.IntrusionRuleGroup.name | String | The Snort 3 intrusion rule group name. |
CiscoFP.IntrusionRuleGroup.id | String | The Snort 3 intrusion rule group ID. |
CiscoFP.IntrusionRuleGroup.type | String | The response object type. This value is always IntrusionRuleGroup. |
CiscoFP.IntrusionRuleGroup.isSystemDefined | Boolean | Read-only field indicating whether the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule group is user-defined. |
CiscoFP.IntrusionRuleGroup.description | String | The Snort 3 intrusion rule group description. |
CiscoFP.IntrusionRuleGroup.version | String | The rule group version. |
CiscoFP.IntrusionRuleGroup.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.name | String | The rule group name associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.id | String | The rule group ID associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.type | String | The rule group type associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.isSystemDefined | Boolean | Read-only field indicating whether the rule group is system-defined (i.e., Talos provided). If the value is false, then the rule group is user-defined. |
CiscoFP.IntrusionRuleGroup.childGroups.description | String | Rule group description associated with the parent rule group. |
CiscoFP.IntrusionRuleGroup.childGroups.overrideSecurityLevel | String | The override level in context of a policy. Allowed only for a custom intrusion policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.defaultSecurityLevel | String | The default level in context of a policy. One of: DISABLED, LEVEL_1, LEVEL_2, LEVEL_3, LEVEL_4. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.childGroups.metadata.domain.type | String | The domain type. |
CiscoFP.IntrusionRuleGroup.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.name | String | The last username. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.id | String | The last user ID. |
CiscoFP.IntrusionRuleGroup.metadata.lastUser.type | String | The last user type. |
CiscoFP.IntrusionRuleGroup.metadata.domain.name | String | The domain name. |
CiscoFP.IntrusionRuleGroup.metadata.domain.id | String | The domain ID. |
CiscoFP.IntrusionRuleGroup.metadata.domain.type | String | The domain type. |
#
Command example!ciscofp-update-intrusion-rule-group rule_group_id=005056A6-3FB1-0ed3-0000-004294994731 name=TestRuleGroupToDelete
#
Context Example#
Human Readable Output#
Updated Intrusion Rule Group Information
ID Name Description 005056A6-3FB1-0ed3-0000-004294994731 TestRuleGroupToDelete
#
50. ciscofp-delete-intrusion-rule-groupDeletes the specified Snort 3 intrusion rule group.
#
Base Commandciscofp-delete-intrusion-rule-group
#
InputArgument Name | Description | Required |
---|---|---|
rule_group_id | The Snort 3 intrusion rule group ID. | Required |
delete_related_rules | Whether or not to delete orphan rules. Mandatory if a custom rule group has unique/unshared rules which become orphans after custom rule group delete. Possible values are: True, False. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!ciscofp-delete-intrusion-rule-group rule_group_id=005056A6-3FB1-0ed3-0000-004294994731
#
Human Readable Output#
Deleted Intrusion Rule Group Information
ID Name Description 005056A6-3FB1-0ed3-0000-004294994731 TestRuleGroupToDelete
#
51. ciscofp-list-network-analysis-policyRetrieves the network analysis policy with the specified ID. If no ID is specified, retrieves a list of all network analysis policies. The default list size is 50. GET arguments: network_analysis_policy_id | LIST arguments: expanded_response, limit, page, page_size.
#
Base Commandciscofp-list-network-analysis-policy
#
InputArgument Name | Description | Required |
---|---|---|
network_analysis_policy_id | The network analysis policy ID. | Optional |
expanded_response | Whether to display an expanded response with a list of objects with additional attributes. Possible values are: True, False. | Optional |
limit | The number of items to return. | Optional |
page | The number of pages to return. | Optional |
page_size | The number of items to return in a page. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkAnalysisPolicy.name | String | The network analysis policy name. |
CiscoFP.NetworkAnalysisPolicy.id | String | The network analysis policy ID. |
CiscoFP.NetworkAnalysisPolicy.type | String | The network analysis policy type. |
CiscoFP.NetworkAnalysisPolicy.description | String | The network analysis policy description. |
CiscoFP.NetworkAnalysisPolicy.version | String | The version number of the response object. |
CiscoFP.NetworkAnalysisPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.type | String | The mapped policy type. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.name | String | The last username. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.id | String | The last user ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.type | String | The last user type. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.NetworkAnalysisPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-list-network-analysis-policy limit=3
#
Context Example#
Human Readable Output#
Fetched Network Analysis Policy Information
ID Name db7dc865-16b5-5eab-8b5a-c85f3a61690b Balanced Security and Connectivity ae21223c-eb33-5ff0-bbe0-80c702115d13 Connectivity Over Security 8bda2bed-f951-5cca-9d2a-96b9660a4fb1 Maximum Detection
#
52. ciscofp-create-network-analysis-policyCreates a network analysis policy. This command may take a while, you can set the "execution-timeout" field if necessary (X > 300).
#
Base Commandciscofp-create-network-analysis-policy
#
InputArgument Name | Description | Required |
---|---|---|
name | The network analysis policy name. | Required |
description | The network analysis policy description. | Optional |
inspection_mode | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. Possible values are: DETECTION, PREVENTION. | Optional |
basepolicy_id | The base network analysis policy ID. Can be acquired from: ciscofp-list-network-analysis-policy. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkAnalysisPolicy.name | String | The network analysis policy name. |
CiscoFP.NetworkAnalysisPolicy.id | String | The network analysis policy ID. |
CiscoFP.NetworkAnalysisPolicy.type | String | The type must be NetworkAnalysisPolicy. |
CiscoFP.NetworkAnalysisPolicy.description | String | The network analysis policy description. |
CiscoFP.NetworkAnalysisPolicy.version | String | The version number of the response object. |
CiscoFP.NetworkAnalysisPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.type | String | The mapped policy type. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.name | String | The last username. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.id | String | The last user ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.type | String | The last user type. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.NetworkAnalysisPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-create-network-analysis-policy basepolicy_id=005056A6-3FB1-0ed3-0000-004294973459 name=TestNetworkAnalysisDocs2
#
Context Example#
Human Readable Output#
Created Network Analysis Policy Information
ID Name Inspection Mode Base Policy ID Base Policy Name 005056A6-3FB1-0ed3-0000-004294995834 TestNetworkAnalysisDocs2 PREVENTION 005056A6-3FB1-0ed3-0000-004294973459 Test2
#
53. ciscofp-update-network-analysis-policyModifies the network analysis policy associated with the specified ID. This command may take a while, you can set the "execution-timeout" field if necessary (X > 300).
#
Base Commandciscofp-update-network-analysis-policy
#
InputArgument Name | Description | Required |
---|---|---|
network_analysis_policy_id | The network analysis policy ID. | Required |
replicate_inspection_mode | Whether to replicate inspection mode from Snort 3 to Snort 2. Possible values are: True, False. | Optional |
name | The network analysis policy name. | Optional |
description | The network analysis policy description. | Optional |
inspection_mode | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. Possible values are: DETECTION, PREVENTION. | Optional |
basepolicy_id | The base network analysis policy ID. Can be acquired from: ciscofp-list-network-analysis-policy. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
CiscoFP.NetworkAnalysisPolicy.name | String | The network analysis policy name. |
CiscoFP.NetworkAnalysisPolicy.id | String | The network analysis policy ID. |
CiscoFP.NetworkAnalysisPolicy.type | String | The type must be NetworkAnalysisPolicy. |
CiscoFP.NetworkAnalysisPolicy.description | String | The network analysis policy description. |
CiscoFP.NetworkAnalysisPolicy.version | String | The version number of the response object. |
CiscoFP.NetworkAnalysisPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.isSystemDefined | Boolean | Whether the policy is system-defined or user-defined. If the value is false, then the policy is user-defined. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.name | String | The mapped policy name. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.id | String | The mapped policy ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.type | String | The mapped policy type. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.inspectionMode | String | The inspection mode for Snort 3 engine only. Can be either DETECTION or PREVENTION. |
CiscoFP.NetworkAnalysisPolicy.metadata.mappedPolicy.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.alert | Number | The number of alert rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.block | Number | The number of block rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.disabled | Number | The number of disabled rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.ruleCount.overridden | Number | The number of overridden rules. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.asscoiatedAcPolicies.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.accesspolicy | Number | The number of access policies. |
CiscoFP.NetworkAnalysisPolicy.metadata.usage.devices | Number | The number of devices. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.name | String | The last username. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.id | String | The last user ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.lastUser.type | String | The last user type. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.name | String | The domain name. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.id | String | The domain ID. |
CiscoFP.NetworkAnalysisPolicy.metadata.domain.type | String | The domain type. |
CiscoFP.NetworkAnalysisPolicy.metadata.snortEngine | String | The Snort engine version. Can be either SNORT2 or SNORT3. |
CiscoFP.NetworkAnalysisPolicy.metadata.timestamp | Number | The metadata timestamp. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.inspectorOverrideConfig.type | String | The resource response object. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.name | String | User-defined resource name. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.id | String | The resource ID. |
CiscoFP.NetworkAnalysisPolicy.basePolicy.type | String | The resource response object. |
#
Command example!ciscofp-update-network-analysis-policy network_analysis_policy_id=005056A6-3FB1-0ed3-0000-004294994745 name=TestNetworkAnalysisToDelete
#
Context Example#
Human Readable Output#
Updated Network Analysis Policy Information
ID Name Inspection Mode Base Policy ID Base Policy Name 005056A6-3FB1-0ed3-0000-004294994745 TestNetworkAnalysisToDelete PREVENTION 005056A6-3FB1-0ed3-0000-004294973459 Test2
#
54. ciscofp-delete-network-analysis-policyDeletes the network analysis policy associated with the specified ID.
#
Base Commandciscofp-delete-network-analysis-policy
#
InputArgument Name | Description | Required |
---|---|---|
network_analysis_policy_id | The network analysis policy ID. | Required |
#
Context OutputThere is no context output for this command.
#
Command example!ciscofp-delete-network-analysis-policy network_analysis_policy_id=005056A6-3FB1-0ed3-0000-004294994745
#
Human Readable Output#
Deleted Network Analysis Policy Information
ID Name Inspection Mode Base Policy ID Base Policy Name 005056A6-3FB1-0ed3-0000-004294994745 TestNetworkAnalysisToDelete PREVENTION 005056A6-3FB1-0ed3-0000-004294973459 Test2