FireMon Security Manager
FireMon Security Manager Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
FireMon Security Manager delivers comprehensive rule lifecycle management to help you manage and automate every stage of the change management process. Workflows can be customized and automated to conform to your security goals and standards, with tools at your disposal to evolve policy and protection over time.
#
Configure FireMon Security Manager in CortexParameter | Required |
---|---|
Server URL (e.g. https://example.net) | True |
Username | True |
Password | True |
Fetch incidents | False |
Incident type | False |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
Incidents Fetch Interval | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
firemon-user-authenticationReturns authentication token
#
Base Commandfiremon-user-authentication
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.Authentication.token | String | Authentication token |
#
firemon-create-pp-ticketCreates a ticket in policy planner application
#
Base Commandfiremon-create-pp-ticket
#
InputArgument Name | Description | Required |
---|---|---|
domain_id | Domain Id. | Required |
workflow_name | Workflow Name. Default is Access Req WF. | Optional |
requirement | Add requirement. | Optional |
priority | Priority of Policy Planner Ticket. Default is LOW. | Required |
due_date | Due Date of Policy Planner Ticket. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.CreatePPTicket.pp_ticket | Unknown | Response for Policy Planner Ticket |
#
firemon-pcaPCA- Pre-Change Assessment is process of showing impact of created devices changes in early stages before implementing changes to devices. We can check the PCA table in Review stage of Policy planner ticket.
#
Base Commandfiremon-pca
#
InputArgument Name | Description | Required |
---|---|---|
domain_id | Domain ID. | Optional |
device_group_id | DeviceGroup ID. | Optional |
destinations | Enter comma seperated destination values. | Optional |
sources | Enter comma seperated source values. | Optional |
services | Enter comma seperated service values. | Optional |
action | PCA. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.PCA.pca | Unknown | Response for PCA |
#
firemon-secmgr-secrule-searchSearches for security rules using the SIQL language query (limit to 10k)
#
Base Commandfiremon-secmgr-secrule-search
#
InputArgument Name | Description | Required |
---|---|---|
q | SIQL query to search for security rules. | Required |
pageSize | Number of results in the page. Default is 10. | Optional |
page | Page in which to retrieve results. Default is 0. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.SIQL.matchId | Unknown | Resposne for the SIQL query |
#
Base Commandfiremon-collector-get-all
#
InputArgument Name | Description | Required |
---|---|---|
pageSize | Number of results in the page. | Optional |
page | Page in which to retrieve results. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.Collector | Unknown | Firemon Collector Infomation. |
#
Base Commandfiremon-collector-get-status-byid
#
InputArgument Name | Description | Required |
---|---|---|
id | Collector id. | true |
#
Context OutputPath | Type | Description |
---|---|---|
FireMonSecurityManager.CollectorStatus | Unknown | Firemon Collector Status. |