Forcepoint Security Management Center
Forcepoint Security Management Center Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
Forcepoint SMC provides unified, centralized management of all models of Forcepoint engines whether physical, virtual or cloud—across large, geographically distributed enterprise environments. This integration was integrated and tested with version 6.10 of Forcepoint Security Management Center
#
Configure Forcepoint Security Management Center in CortexParameter | Description | Required |
---|---|---|
Server URL | True | |
API Key | The API Key to use for connection | True |
Port | True | |
Trust any certificate (not secure) | False | |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
forcepoint-smc-ip-list-createCreates an IP list.
#
Base Commandforcepoint-smc-ip-list-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the IP list to create. | Required |
addresses | A comma-separated list of IP addresses. | Optional |
comment | The comment to add to the IP List. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.IPList.Name | String | The name of the IP list. |
ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IP list. |
ForcepointSMC.IPList.Comment | String | The comment for the IP list. |
#
Command example!forcepoint-smc-ip-list-create name="name" addresses="1.1.1.1" comment="test"
#
Context Example#
Human Readable OutputIP List name was created successfully.
#
forcepoint-smc-ip-list-updateUpdates an IP list.
#
Base Commandforcepoint-smc-ip-list-update
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the IP list. | Required |
addresses | A comma-separated list of addresses to update. | Optional |
is_override | If false, the list of addresses will be appended to the existing one. Else, the list will be overwritten. Default is False. Possible values are: False, True. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.IPList.Name | String | The name of the IP list. |
ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IPList |
ForcepointSMC.IPList.Comment | String | The comment for the IP list. |
#
Command example!forcepoint-smc-ip-list-update name="name" addresses="1.2.3.4" comment="test" is_override=True
#
Context Example#
Human Readable OutputIP List name was updated successfully.
#
forcepoint-smc-ip-list-listLists the IP Lists in the system.
#
Base Commandforcepoint-smc-ip-list-list
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of a specific IP list to fetch. Overrides the other arguments if used. | Optional |
limit | The maximum number of IP lists to return. Default value is 50. | Optional |
all_results | Whether to return all of the results or not. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.IPList.Name | String | The name of the IP list. |
ForcepointSMC.IPList.Addresses | Unknown | The list of addresses in the IP list. |
ForcepointSMC.IPList.Comment | String | The comment of the IPList |
#
Command example!forcepoint-smc-ip-list-list name="name"
#
Context Example#
Human Readable Output#
IP Lists:
Name Addresses Comment name 1.2.3.4 test
#
forcepoint-smc-ip-list-deleteDeletes an IP list.
#
Base Commandforcepoint-smc-ip-list-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the IP list to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.IPList.Name | String | The name of the IP list. |
ForcepointSMC.IPList.Deleted | Boolean | Whether the IP list was deleted. |
#
Command example!forcepoint-smc-ip-list-delete name="name"
#
Context Example#
Human Readable OutputIP List name was deleted successfully.
#
forcepoint-smc-host-listLists the hosts in the system.
#
Base Commandforcepoint-smc-host-list
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of a specific host to fetch. | Optional |
limit | The maximum number of hosts to return. Default value is 50. | Optional |
all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Host.Name | String | The name of the host. |
ForcepointSMC.Host.Address | String | The address of the host. |
ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
ForcepointSMC.Host.Secondary_address | String | The secondary address of the host. |
ForcepointSMC.Host.Comment | String | The comment for the host. |
#
Command example!forcepoint-smc-host-list name="name"
#
Context Example#
Human Readable Output#
Hosts:
Name Address name 1.1.1.1
#
forcepoint-smc-host-createCreates a new host.
#
Base Commandforcepoint-smc-host-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of a specific host to fetch. | Required |
address | The address of the host. Cannot be combined with the ipv6_address argument. | Optional |
ipv6_address | The IPv6 address of the host. Cannot be combined with the address argument. | Optional |
secondary_address | A comma-separated list of secondary addresses of the host. | Optional |
comment | The comment to add to the host. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Host.Name | String | The name of the host. |
ForcepointSMC.Host.Address | String | The address of the host. |
ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
ForcepointSMC.Host.Secondary_address | Unknown | The secondary address of the host. |
ForcepointSMC.Host.Comment | String | The comment for the host. |
#
Command example!forcepoint-smc-host-create name="name" address="1.1.1.1"
#
Context Example#
Human Readable OutputHost name was created successfully.
#
forcepoint-smc-host-updateUpdates a host.
#
Base Commandforcepoint-smc-host-update
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the host to update. | Required |
address | The address of the host. Cannot be combined with the ipv6_address argument. | Optional |
ipv6_address | The IPv6 address of the host. Cannot be combined with the address argument. | Optional |
secondary_address | comma-separated list of secondary addresses of the host. | Optional |
comment | The comment to add to the host. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Host.Name | String | The name of the host. |
ForcepointSMC.Host.Address | String | The address of the host. |
ForcepointSMC.Host.IPv6_address | String | The IPv6 address of the host. |
ForcepointSMC.Host.Secondary_address | String | The secondary address of the host. |
ForcepointSMC.Host.Comment | String | The comment for the host. |
#
Command example!forcepoint-smc-host-update name="name" address="1.2.3.4"
#
Context Example#
Human Readable OutputHost name was updated successfully.
#
forcepoint-smc-host-deleteDeletes a host.
#
Base Commandforcepoint-smc-host-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the host to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Host.Name | String | The name of the host. |
ForcepointSMC.Host.Deleted | Boolean | Whether the host was deleted. |
#
Command example!forcepoint-smc-host-delete name="name"
#
Context Example#
Human Readable OutputHost name was deleted successfully.
#
forcepoint-smc-domain-createCreates a new domain.
#
Base Commandforcepoint-smc-domain-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the domain to create. | Required |
comment | The comment to add to the domain. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Domain.Name | String | The name of the host. |
ForcepointSMC.Domain.Comment | String | The comment of the host. |
#
Command example!forcepoint-smc-domain-create name="name"
#
Context Example#
Human Readable OutputDomain name was created successfully.
#
forcepoint-smc-domain-listLists the domains in the system.
#
Base Commandforcepoint-smc-domain-list
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of a specific domain to fetch. | Optional |
limit | The maximum number of hosts to return. Default value is 50. | Optional |
all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Domain.Name | String | The name of the domain. |
ForcepointSMC.Domain.Comment | String | The comment for the domain. |
#
Command example!forcepoint-smc-domain-list name="name"
#
Context Example#
Human Readable Output#
Domains:
Name name
#
forcepoint-smc-domain-deleteDeletes a domain.
#
Base Commandforcepoint-smc-domain-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the domain to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Domain.Name | String | The name of the domain. |
ForcepointSMC.Domain.Deleted | Boolean | Whether the domain was deleted. |
#
Command example!forcepoint-smc-domain-delete name="name"
#
Context Example#
Human Readable OutputDomain name was deleted successfully.
#
forcepoint-smc-policy-template-listLists the policy templates in the system.
#
Base Commandforcepoint-smc-policy-template-list
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of policy templates to return. Default value is 50. | Optional |
all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.PolicyTemplate.Name | String | The name of the firewall policy template. |
ForcepointSMC.PolicyTemplate.Comment | String | The comment for the firewall policy. |
#
Command example!forcepoint-smc-policy-template-list limit=1
#
Context Example#
Human Readable Output#
Policy template:
Name Comment Firewall Template Firewall Template Policy that uses Inspection rules from the No Inspection Policy.
#
forcepoint-smc-firewall-policy-listLists the firewall policies in the system.
#
Base Commandforcepoint-smc-firewall-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of firewall policies to return. Default value is 50. | Optional |
all_results | Whether to return all of the results. Overrides the other arguments if used. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
ForcepointSMC.Policy.Comment | String | The comment for the firewall policy. |
#
Command example!forcepoint-smc-firewall-policy-list limit=1
#
Context Example#
Human Readable Output#
Firewall policies:
Name Policy For May To Test PC
#
forcepoint-smc-firewall-policy-createCreates a firewall policy.
#
Base Commandforcepoint-smc-firewall-policy-create
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the firewall policy. | Required |
template | The template name to use to create the firewall policy. Run the forcepoint-smc-policy-template-list command to get the list of policy templates. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
ForcepointSMC.Policy.Comment | String | The comment for the firewall policy. |
#
Command example!forcepoint-smc-firewall-policy-create name="name" template="Firewall Template"
#
Context Example#
Human Readable OutputFirewall policy name was created successfully.
#
forcepoint-smc-firewall-policy-deleteDeletes a firewall policy.
#
Base Commandforcepoint-smc-firewall-policy-delete
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the policy to delete. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Policy.Name | String | The name of the firewall policy. |
ForcepointSMC.Policy.Deleted | Boolean | Whether the policy was deleted. |
#
Command example!forcepoint-smc-firewall-policy-delete name="name"
#
Context Example#
Human Readable OutputFirewall policy name was deleted successfully.
#
forcepoint-smc-rule-createCreates a rule.
#
Base Commandforcepoint-smc-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the firewall policy. | Required |
rule_name | The name of the rule to create. | Required |
ip_version | The ip_version of the rule. Possible values are: V4, V6. | Required |
source_ip_list | A comma-separated list of source ip-list names to use to create the rule. Run the forcepoint-ip-list-list command to get the list of ip lists. | Optional |
source_host | A comma-separated list of source host names to use to create the rule. Run the forcepoint-host-list command to get the list of hosts. | Optional |
source_domain | A comma-separated list of source domain names to use to create the rule. Run the forcepoint-domain-list command to get the list of domains. | Optional |
destination_ip_list | A comma-separated list of destination ip-list names to use to create the rule. Run the forcepoint-ip-list-list command to get the list of ip lists. | Optional |
destination_host | A comma-separated list of destination host names to use to create the rule. Run the forcepoint-host-list command to get the list of hosts. | Optional |
destination_domain | A comma-separated list of destination domain names to use to create the rule. Run the forcepoint-domain-list command to get the list of domains. | Optional |
action | The action of the rule. Possible values are: allow, continue, discard, refuse, enforce_vpn, apply_vpn, forward_vpn, blacklist, forced_next_hop. | Required |
comment | The comment to add to the rule. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Rule.Name | String | The name of the rule. |
ForcepointSMC.Rule.ID | String | The ID of the rule. |
ForcepointSMC.Rule.IP_version | String | The IP version of the rule. |
ForcepointSMC.Rule.Action | String | The action of the rule. |
ForcepointSMC.Rule.Comment | String | The comment for the rule. |
#
Command example!forcepoint-smc-rule-create policy_name="name" action=allow rule_name="test" destination_ip_list="test" ip_version="V4"
#
Context Example#
Human Readable OutputThe rule test to the policy name was created successfully.
#
forcepoint-smc-rule-updateUpdates a rule.
#
Base Commandforcepoint-smc-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the firewall policy. | Required |
rule_name | The name of the rule to update. | Required |
is_override | Whether to override the existing values. Default value is False. Possible values are: False, True. | Optional |
ip_version | The ip_version of the rule. Possible values are: V4, V6. | Required |
source_ip_list | A comma-separated list of source ip-list names to use to update the rule. Run the forcepoint-ip-list-list command to get the list of ip lists. | Optional |
source_host | A comma-separated list of source host names to use to update the rule. Run the forcepoint-host-list command to get the list of hosts. | Optional |
source_domain | A comma-separated list of source domain names to use to update the rule. Run the forcepoint-domain-list command to get the list of domains. | Optional |
destination_ip_list | A comma-separated list of destination ip-list names to use to update the rule. Run the forcepoint-ip-list-list command to get the list of ip lists. | Optional |
destination_host | A comma-separated list of destination host names to use to update the rule. Run the forcepoint-host-list command to get the list of hosts. | Optional |
destination_domain | A comma-separated list of destination domain names to use to update the rule. Run the forcepoint-domain-list command to get the list of domains. | Optional |
action | The action of the rule. Possible values are: allow, continue, discard, refuse, enforce_vpn, apply_vpn, forward_vpn, blacklist, forced_next_hop. | Optional |
comment | The comment to add to the rule. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!forcepoint-smc-rule-update policy_name="name" action=continue rule_name="test" source_ip_list="test" ip_version="V4"
#
Human Readable OutputThe rule test to the policy name was updated successfully.
#
forcepoint-smc-rule-listLists the rules in a specific policy.
#
Base Commandforcepoint-smc-rule-list
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the firewall policy. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Rule.Name | String | The name of the rule. |
ForcepointSMC.Rule.ID | String | The ID of the rule. |
ForcepointSMC.Rule.IP_version | String | The IP version of the rule. |
ForcepointSMC.Rule.Sources | Unknown | The sources of the rule. |
ForcepointSMC.Rule.Destinations | Unknown | The destinations of the rule. |
ForcepointSMC.Rule.Services | Unknown | The services of the rule. |
ForcepointSMC.Rule.Actions | Unknown | The actions of the rule. |
ForcepointSMC.Rule.Comment | String | The comment of the rule. |
#
Command example!forcepoint-smc-rule-list policy_name="name"
#
Context Example#
Human Readable Output#
Rules:
Name ID IP_version Sources Destinations Actions test 2097186.1 V4 test test continue
#
forcepoint-smc-rule-deleteDeletes a rule.
#
Base Commandforcepoint-smc-rule-delete
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the firewall policy. | Required |
rule_name | The name of the rule to delete. | Required |
ip_version | The ip_version of the rule. Possible values are: V4, V6. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Rule.ID | String | The ID of the rule. |
ForcepointSMC.Rule.Deleted | Boolean | Whether the rule was deleted. |
#
Command example!forcepoint-smc-rule-delete policy_name="name" rule_name="test" ip_version=V4
#
Context Example#
Human Readable OutputRule test was deleted successfully.
#
forcepoint-smc-engine-listLists the engines in the system.
#
Base Commandforcepoint-smc-engine-list
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of engines to return. Default value is 50. | Optional |
all_results | Whether to return all of the results or not, overrides the other arguments if used. Default value is False. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
ForcepointSMC.Engine.Name | String | The name of the engine. |
ForcepointSMC.Engine.Comment | String | The comment for the engine. |
#
Command example!forcepoint-smc-engine-list limit=1
#
Context Example#
Human Readable Output#
Engines:
Name Comment Forcepoint Engine Forcepoint Engine element pre-populated by installer