FireMon Security Manager

This Integration is part of the FireMon Security Manager Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

FireMon Security Manager delivers comprehensive rule lifecycle management to help you manage and automate every stage of the change management process. Workflows can be customized and automated to conform to your security goals and standards, with tools at your disposal to evolve policy and protection over time.

Configure FireMon Security Manager on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for FireMon Security Manager.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | Server URL (e.g. https://example.net) | True |
    | Username | True |
    | Password | True |
    | Fetch incidents | False |
    | Incident type | False |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |
    | Incidents Fetch Interval | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

firemon-user-authentication

Returns an authentication token.

Base Command

firemon-user-authentication

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.Authentication.token | String | Authentication token |

firemon-create-pp-ticket

Creates a ticket in the Policy Planner application.

Base Command

firemon-create-pp-ticket

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain_id | Domain Id. | Required |
| workflow_name | Workflow Name. Default is Access Req WF. | Optional |
| requirement | Add requirement. | Optional |
| priority | Priority of Policy Planner Ticket. Default is LOW. | Required |
| due_date | Due Date of Policy Planner Ticket. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.CreatePPTicket.pp_ticket | Unknown | Response for Policy Planner Ticket |

firemon-pca

Pre-Change Assessment (PCA) is the process of showing the impact of created device changes in the early stages, before the changes are implemented on the devices. The PCA table can be checked in the Review stage of the Policy Planner ticket.

Base Command

firemon-pca

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| domain_id | Domain ID. | Optional |
| device_group_id | DeviceGroup ID. | Optional |
| destinations | Enter comma separated destination values. | Optional |
| sources | Enter comma separated source values. | Optional |
| services | Enter comma separated service values. | Optional |
| action | PCA. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.PCA.pca | Unknown | Response for PCA |

firemon-secmgr-secrule-search

Searches for security rules using a SIQL query (limited to 10k).

Base Command

firemon-secmgr-secrule-search

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| q | SIQL query to search for security rules. | Required |
| pageSize | Number of results in the page. Default is 10. | Optional |
| page | Page in which to retrieve results. Default is 0. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.SIQL.matchId | Unknown | Response for the SIQL query |

Base Command

firemon-collector-get-all

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| pageSize | Number of results in the page. | Optional |
| page | Page in which to retrieve results. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.Collector | Unknown | FireMon Collector Information. |

Base Command

firemon-collector-get-status-byid

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Collector id. | true |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FireMonSecurityManager.CollectorStatus | Unknown | FireMon Collector Status. |