
Forcepoint Security Management Center

This Integration is part of the Forcepoint Security Management Center Pack.

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Forcepoint SMC provides unified, centralized management of all models of Forcepoint engines, whether physical, virtual or cloud, across large, geographically distributed enterprise environments. This integration was integrated and tested with version 6.10 of Forcepoint Security Management Center.

Configure Forcepoint Security Management Center in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| Server URL | | True |
| API Key | The API Key to use for connection | True |
| Port | | True |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

forcepoint-smc-ip-list-create

Creates an IP list.

Base Command

forcepoint-smc-ip-list-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the IP list to create. | Required |
| addresses | A comma-separated list of IP addresses. | Optional |
| comment | The comment to add to the IP List. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.IPList.Name | String | The name of the IP list. |
| ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IP list. |
| ForcepointSMC.IPList.Comment | String | The comment for the IP list. |

Command example

!forcepoint-smc-ip-list-create name="name" addresses="1.1.1.1" comment="test"

Context Example

{
    "ForcepointSMC": {
        "IPList": {
            "Addresses": [
                "1.1.1.1"
            ],
            "Comment": "test",
            "Name": "name"
        }
    }
}

Human Readable Output

IP List name was created successfully.

forcepoint-smc-ip-list-update

Updates an IP list.

Base Command

forcepoint-smc-ip-list-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the IP list. | Required |
| addresses | A comma-separated list of addresses to update. | Optional |
| is_override | If False, the addresses are appended to the existing list; otherwise the list is overwritten. Default is False. Possible values are: False, True. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.IPList.Name | String | The name of the IP list. |
| ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IP list. |
| ForcepointSMC.IPList.Comment | String | The comment for the IP list. |

Command example

!forcepoint-smc-ip-list-update name="name" addresses="1.2.3.4" comment="test" is_override=True

Context Example

{
    "ForcepointSMC": {
        "IPList": {
            "Addresses": [
                "1.2.3.4"
            ],
            "Comment": "test",
            "Name": "name"
        }
    }
}

Human Readable Output

IP List name was updated successfully.
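
A pre-flight check for the is_override behaviour of forcepoint-smc-ip-list-update, as an added example that is not part of the integration's own code: it takes the context output of forcepoint-smc-ip-list-list and reports which addresses an update would add or drop before the command runs. The helper names, the sample list and the skipping of duplicates on append are assumptions.

```python
import ipaddress

# Constructed sample: the context that forcepoint-smc-ip-list-list returns for one list.
SAMPLE_CONTEXT = {
    "ForcepointSMC": {
        "IPList": {
            "Name": "blocklist",
            "Addresses": ["203.0.113.7", "198.51.100.23"],
            "Comment": "test",
        }
    }
}


def parse_addresses(csv):
    """Split a comma-separated `addresses` value; ValueError on a non-IP entry."""
    parsed = []
    for raw in csv.split(","):
        item = raw.strip()
        if not item:
            continue
        ipaddress.ip_address(item)  # assumption: entries are single IPs, as on the page
        if item not in parsed:
            parsed.append(item)
    return parsed


def plan_ip_list_update(context, name, addresses_csv, is_override=False):
    """Return what the list would hold after the update, plus added/dropped entries."""
    found = context["ForcepointSMC"]["IPList"]
    entries = found if isinstance(found, list) else [found]
    current = next((e for e in entries if e["Name"] == name), None)
    if current is None:
        raise KeyError(f"IP list {name!r} is not in the supplied context")
    existing = list(current.get("Addresses") or [])
    new = parse_addresses(addresses_csv)
    # is_override=True replaces the list; False appends to it (duplicates skipped here).
    resulting = new if is_override else existing + [a for a in new if a not in existing]
    return {
        "resulting": resulting,
        "added": [a for a in resulting if a not in existing],
        "dropped": [a for a in existing if a not in resulting],
    }


def build_update_args(name, plan, is_override=False, allow_drops=False):
    """Build the command arguments, refusing an override that silently drops entries."""
    if is_override and plan["dropped"] and not allow_drops:
        raise ValueError(f"override would remove {plan['dropped']} from {name!r}")
    addresses = plan["resulting"] if is_override else plan["added"]
    return {"name": name, "addresses": ",".join(addresses), "is_override": str(is_override)}
```

The returned dictionary uses the argument names from the Input table above; review the `dropped` entries before passing `allow_drops=True`.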

forcepoint-smc-ip-list-list

Lists the IP Lists in the system.

Base Command

forcepoint-smc-ip-list-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of a specific IP list to fetch. Overrides the other arguments if used. | Optional |
| limit | The maximum number of IP lists to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results or not. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.IPList.Name | String | The name of the IP list. |
| ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IP list. |
| ForcepointSMC.IPList.Comment | String | The comment of the IP list. |

Command example

!forcepoint-smc-ip-list-list name="name"

Context Example

{
    "ForcepointSMC": {
        "IPList": {
            "Addresses": [
                "1.2.3.4"
            ],
            "Comment": "test",
            "Name": "name"
        }
    }
}

Human Readable Output

IP Lists:

| Name | Addresses | Comment |
| --- | --- | --- |
| name | 1.2.3.4 | test |

forcepoint-smc-ip-list-delete

Deletes an IP list.

Base Command

forcepoint-smc-ip-list-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the IP list to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.IPList.Name | String | The name of the IP list. |
| ForcepointSMC.IPList.Deleted | Boolean | Whether the IP list was deleted. |

Command example

!forcepoint-smc-ip-list-delete name="name"

Context Example

{
    "ForcepointSMC": {
        "IPList": {
            "Deleted": true,
            "Name": "name"
        }
    }
}

Human Readable Output

IP List name was deleted successfully.

forcepoint-smc-host-list

Lists the hosts in the system.

Base Command

forcepoint-smc-host-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of a specific host to fetch. | Optional |
| limit | The maximum number of hosts to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Host.Name | String | The name of the host. |
| ForcepointSMC.Host.Address | String | The address of the host. |
| ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
| ForcepointSMC.Host.Secondary_address | String | The secondary address of the host. |
| ForcepointSMC.Host.Comment | String | The comment for the host. |

Command example

!forcepoint-smc-host-list name="name"

Context Example

{
    "ForcepointSMC": {
        "Host": {
            "Address": "1.1.1.1",
            "Comment": null,
            "IPv6_address": "",
            "Name": "name",
            "Secondary_address": []
        }
    }
}

Human Readable Output

Hosts:

| Name | Address |
| --- | --- |
| name | 1.1.1.1 |

forcepoint-smc-host-create

Creates a new host.

Base Command

forcepoint-smc-host-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the host to create. | Required |
| address | The address of the host. Cannot be combined with the ipv6_address argument. | Optional |
| ipv6_address | The IPv6 address of the host. Cannot be combined with the address argument. | Optional |
| secondary_address | A comma-separated list of secondary addresses of the host. | Optional |
| comment | The comment to add to the host. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Host.Name | String | The name of the host. |
| ForcepointSMC.Host.Address | String | The address of the host. |
| ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
| ForcepointSMC.Host.Secondary_address | Unknown | The secondary address of the host. |
| ForcepointSMC.Host.Comment | String | The comment for the host. |

Command example

!forcepoint-smc-host-create name="name" address="1.1.1.1"

Context Example

{
    "ForcepointSMC": {
        "Host": {
            "Address": "1.1.1.1",
            "Comment": "",
            "IPv6_address": "",
            "Name": "name",
            "Secondary_address": []
        }
    }
}

Human Readable Output

Host name was created successfully.

forcepoint-smc-host-update

Updates a host.

Base Command

forcepoint-smc-host-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the host to update. | Required |
| address | The address of the host. Cannot be combined with the ipv6_address argument. | Optional |
| ipv6_address | The IPv6 address of the host. Cannot be combined with the address argument. | Optional |
| secondary_address | A comma-separated list of secondary addresses of the host. | Optional |
| comment | The comment to add to the host. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Host.Name | String | The name of the host. |
| ForcepointSMC.Host.Address | String | The address of the host. |
| ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
| ForcepointSMC.Host.Secondary_address | String | The secondary address of the host. |
| ForcepointSMC.Host.Comment | String | The comment for the host. |

Command example

!forcepoint-smc-host-update name="name" address="1.2.3.4"

Context Example

{
    "ForcepointSMC": {
        "Host": {
            "Address": "1.2.3.4",
            "Comment": null,
            "IPv6_address": "",
            "Name": "name",
            "Secondary_address": []
        }
    }
}

Human Readable Output

Host name was updated successfully.

forcepoint-smc-host-delete

Deletes a host.

Base Command

forcepoint-smc-host-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the host to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Host.Name | String | The name of the host. |
| ForcepointSMC.Host.Deleted | Boolean | Whether the host was deleted. |

Command example

!forcepoint-smc-host-delete name="name"

Context Example

{
    "ForcepointSMC": {
        "Host": {
            "Deleted": true,
            "Name": "name"
        }
    }
}

Human Readable Output

Host name was deleted successfully.

forcepoint-smc-domain-create

Creates a new domain.

Base Command

forcepoint-smc-domain-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the domain to create. | Required |
| comment | The comment to add to the domain. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Domain.Name | String | The name of the domain. |
| ForcepointSMC.Domain.Comment | String | The comment of the domain. |

Command example

!forcepoint-smc-domain-create name="name"

Context Example

{
    "ForcepointSMC": {
        "Domain": {
            "Comment": "",
            "Name": "name"
        }
    }
}

Human Readable Output

Domain name was created successfully.

forcepoint-smc-domain-list

Lists the domains in the system.

Base Command

forcepoint-smc-domain-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of a specific domain to fetch. | Optional |
| limit | The maximum number of domains to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Domain.Name | String | The name of the domain. |
| ForcepointSMC.Domain.Comment | String | The comment for the domain. |

Command example

!forcepoint-smc-domain-list name="name"

Context Example

{
    "ForcepointSMC": {
        "Domain": {
            "Comment": null,
            "Name": "name"
        }
    }
}

Human Readable Output

Domains:

| Name |
| --- |
| name |

forcepoint-smc-domain-delete

Deletes a domain.

Base Command

forcepoint-smc-domain-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the domain to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Domain.Name | String | The name of the domain. |
| ForcepointSMC.Domain.Deleted | Boolean | Whether the domain was deleted. |

Command example

!forcepoint-smc-domain-delete name="name"

Context Example

{
    "ForcepointSMC": {
        "Domain": {
            "Deleted": true,
            "Name": "name"
        }
    }
}

Human Readable Output

Domain name was deleted successfully.

forcepoint-smc-policy-template-list

Lists the policy templates in the system.

Base Command

forcepoint-smc-policy-template-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of policy templates to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.PolicyTemplate.Name | String | The name of the firewall policy template. |
| ForcepointSMC.PolicyTemplate.Comment | String | The comment for the firewall policy. |

Command example

!forcepoint-smc-policy-template-list limit=1

Context Example

{
    "ForcepointSMC": {
        "PolicyTemplate": {
            "Comment": "Firewall Template Policy that uses Inspection rules from the No Inspection Policy.",
            "Name": "Firewall Template"
        }
    }
}

Human Readable Output

Policy template:

| Name | Comment |
| --- | --- |
| Firewall Template | Firewall Template Policy that uses Inspection rules from the No Inspection Policy. |

forcepoint-smc-firewall-policy-list

Lists the firewall policies in the system.

Base Command

forcepoint-smc-firewall-policy-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of firewall policies to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
| ForcepointSMC.Policy.Comment | String | The comment for the firewall policy. |

Command example

!forcepoint-smc-firewall-policy-list limit=1

Context Example

{
    "ForcepointSMC": {
        "FirewallPolicy": {
            "Comment": null,
            "Name": "Policy For May To Test PC"
        }
    }
}

Human Readable Output

Firewall policies:

| Name |
| --- |
| Policy For May To Test PC |

forcepoint-smc-firewall-policy-create

Creates a firewall policy.

Base Command

forcepoint-smc-firewall-policy-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the firewall policy. | Required |
| template | The template name to use to create the firewall policy. Run the forcepoint-smc-policy-template-list command to get the list of policy templates. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
| ForcepointSMC.Policy.Comment | String | The comment for the firewall policy. |

Command example

!forcepoint-smc-firewall-policy-create name="name" template="Firewall Template"

Context Example

{
    "ForcepointSMC": {
        "Policy": {
            "Comment": null,
            "Name": "name"
        }
    }
}

Human Readable Output

Firewall policy name was created successfully.

forcepoint-smc-firewall-policy-delete

Deletes a firewall policy.

Base Command

forcepoint-smc-firewall-policy-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | The name of the policy to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
| ForcepointSMC.Policy.Deleted | Boolean | Whether the policy was deleted. |

Command example

!forcepoint-smc-firewall-policy-delete name="name"

Context Example

{
    "ForcepointSMC": {
        "Policy": {
            "Deleted": true,
            "Name": "name"
        }
    }
}

Human Readable Output

Firewall policy name was deleted successfully.

forcepoint-smc-rule-create

Creates a rule.

Base Command

forcepoint-smc-rule-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_name | The name of the firewall policy. | Required |
| rule_name | The name of the rule to create. | Required |
| ip_version | The IP version of the rule. Possible values are: V4, V6. | Required |
| source_ip_list | A comma-separated list of source IP list names to use to create the rule. Run the forcepoint-smc-ip-list-list command to get the list of IP lists. | Optional |
| source_host | A comma-separated list of source host names to use to create the rule. Run the forcepoint-smc-host-list command to get the list of hosts. | Optional |
| source_domain | A comma-separated list of source domain names to use to create the rule. Run the forcepoint-smc-domain-list command to get the list of domains. | Optional |
| destination_ip_list | A comma-separated list of destination IP list names to use to create the rule. Run the forcepoint-smc-ip-list-list command to get the list of IP lists. | Optional |
| destination_host | A comma-separated list of destination host names to use to create the rule. Run the forcepoint-smc-host-list command to get the list of hosts. | Optional |
| destination_domain | A comma-separated list of destination domain names to use to create the rule. Run the forcepoint-smc-domain-list command to get the list of domains. | Optional |
| action | The action of the rule. Possible values are: allow, continue, discard, refuse, enforce_vpn, apply_vpn, forward_vpn, blacklist, forced_next_hop. | Required |
| comment | The comment to add to the rule. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Rule.Name | String | The name of the rule. |
| ForcepointSMC.Rule.ID | String | The ID of the rule. |
| ForcepointSMC.Rule.IP_version | String | The IP version of the rule. |
| ForcepointSMC.Rule.Action | String | The action of the rule. |
| ForcepointSMC.Rule.Comment | String | The comment for the rule. |

Command example

!forcepoint-smc-rule-create policy_name="name" action=allow rule_name="test" destination_ip_list="test" ip_version="V4"

Context Example

{
    "ForcepointSMC": {
        "Rule": {
            "Action": [
                "allow"
            ],
            "Comment": "",
            "Destinations": [
                "test"
            ],
            "ID": "2097186.0",
            "IP_version": "V4",
            "Name": "test",
            "Services": [],
            "Sources": []
        }
    }
}

Human Readable Output

The rule test to the policy name was created successfully.

forcepoint-smc-rule-update

Updates a rule.

Base Command

forcepoint-smc-rule-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_name | The name of the firewall policy. | Required |
| rule_name | The name of the rule to update. | Required |
| is_override | Whether to override the existing values. Default value is False. Possible values are: False, True. | Optional |
| ip_version | The IP version of the rule. Possible values are: V4, V6. | Required |
| source_ip_list | A comma-separated list of source IP list names to use to update the rule. Run the forcepoint-smc-ip-list-list command to get the list of IP lists. | Optional |
| source_host | A comma-separated list of source host names to use to update the rule. Run the forcepoint-smc-host-list command to get the list of hosts. | Optional |
| source_domain | A comma-separated list of source domain names to use to update the rule. Run the forcepoint-smc-domain-list command to get the list of domains. | Optional |
| destination_ip_list | A comma-separated list of destination IP list names to use to update the rule. Run the forcepoint-smc-ip-list-list command to get the list of IP lists. | Optional |
| destination_host | A comma-separated list of destination host names to use to update the rule. Run the forcepoint-smc-host-list command to get the list of hosts. | Optional |
| destination_domain | A comma-separated list of destination domain names to use to update the rule. Run the forcepoint-smc-domain-list command to get the list of domains. | Optional |
| action | The action of the rule. Possible values are: allow, continue, discard, refuse, enforce_vpn, apply_vpn, forward_vpn, blacklist, forced_next_hop. | Optional |
| comment | The comment to add to the rule. | Optional |

Context Output

There is no context output for this command.

Command example

!forcepoint-smc-rule-update policy_name="name" action=continue rule_name="test" source_ip_list="test" ip_version="V4"

Human Readable Output

The rule test to the policy name was updated successfully.

forcepoint-smc-rule-list

Lists the rules in a specific policy.

Base Command

forcepoint-smc-rule-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_name | The name of the firewall policy. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Rule.Name | String | The name of the rule. |
| ForcepointSMC.Rule.ID | String | The ID of the rule. |
| ForcepointSMC.Rule.IP_version | String | The IP version of the rule. |
| ForcepointSMC.Rule.Sources | Unknown | The sources of the rule. |
| ForcepointSMC.Rule.Destinations | Unknown | The destinations of the rule. |
| ForcepointSMC.Rule.Services | Unknown | The services of the rule. |
| ForcepointSMC.Rule.Actions | Unknown | The actions of the rule. |
| ForcepointSMC.Rule.Comment | String | The comment of the rule. |

Command example

!forcepoint-smc-rule-list policy_name="name"

Context Example

{
    "ForcepointSMC": {
        "Rule": {
            "Actions": [
                "continue"
            ],
            "Comment": "",
            "Destinations": [
                "test"
            ],
            "ID": "2097186.1",
            "IP_version": "V4",
            "Name": "test",
            "Services": [],
            "Sources": [
                "test"
            ]
        }
    }
}

Human Readable Output

Rules:

| Name | ID | IP_version | Sources | Destinations | Actions |
| --- | --- | --- | --- | --- | --- |
| test | 2097186.1 | V4 | test | test | continue |

forcepoint-smc-rule-delete

Deletes a rule.

Base Command

forcepoint-smc-rule-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_name | The name of the firewall policy. | Required |
| rule_name | The name of the rule to delete. | Required |
| ip_version | The IP version of the rule. Possible values are: V4, V6. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Rule.ID | String | The ID of the rule. |
| ForcepointSMC.Rule.Deleted | Boolean | Whether the rule was deleted. |

Command example

!forcepoint-smc-rule-delete policy_name="name" rule_name="test" ip_version=V4

Context Example

{
    "ForcepointSMC": {
        "Rule": {
            "Deleted": true,
            "Name": "test"
        }
    }
}

Human Readable Output

Rule test was deleted successfully.

forcepoint-smc-engine-list

Lists the engines in the system.

Base Command

forcepoint-smc-engine-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of engines to return. Default value is 50. | Optional |
| all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| ForcepointSMC.Engine.Name | String | The name of the engine. |
| ForcepointSMC.Engine.Comment | String | The comment for the engine. |

Command example

!forcepoint-smc-engine-list limit=1

Context Example

{
    "ForcepointSMC": {
        "Engine": {
            "Comment": "Forcepoint Engine element pre-populated by installer",
            "Name": "Forcepoint Engine"
        }
    }
}

Human Readable Output

Engines:

| Name | Comment |
| --- | --- |
| Forcepoint Engine | Forcepoint Engine element pre-populated by installer |