Skip to main content

Netmiko

This Integration is part of the Netmiko Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Netmiko SSH module integration#

This integration provides ssh-based access to network devices, servers, and other appliances that support this method of configuration. For a complete list of supported platforms, please visit the below URL:

Netmiko Platforms.md on Github

Configure Netmiko Integration in Cortex XSOAR#

  1. Navigate to Settings - Integrations
  2. Search for Netmiko
  3. Click Add instance to create and configure a new integration instance.
    - **Name**: a name for the integration instance.
    - **Platform**: the platform identifier taken from the above SSH or Telnet platform name lists (e.g., linux_ssh, paloalto_panos, etc.)
    NOTE: Platform names are taken from the supported SSH or Telnet device type lists on GitHub.
    - **Hostname**: The IP address, hostname, or FQDN for the device to connect to via SSH.
    - **Port**: The port to connect to via SSH
    - **Credentials**: The username/password, or XSOAR credential object, to be used for the connection
    - **Override the default timeout value**: Override the timeout value (in seconds) for a given integration instance. This is useful for devices that are slow in responding with requested output over SSH.
  4. Click Test to validate the new instance. This performs a simple connection to the system hosting the SSH server.

Commands#

The Netmiko integration currently only supports the netmiko-cmds command for SSH. This command can be used via the XSOAR CLI, as part of an automation, or as a task in an XSOAR playbook. Like other XSOAR commands, this object can be passed a single command, a list of commands, or an array of commands to execute in a single session.

  1. Executes a command, or series of commands, over an SSH connection: netmiko-cmds

netmiko-cmds#

Executes a command, or series of commands, over an SSH connection. Outputs from the executed commands are returned to the incident/playground context.

Base Command#

netmiko-cmds

Input#

Argument NameDescriptionRequired
cmdsThe command, or commands, to execute. When commands are manually specified and executed via the XSOAR CLI or in a task, place each command after the first on a new line (no comma required)Required
disable_contextThe package ID. Package ID or package name is required. When both exist, ID is used.Optional
exit_argumentThe optional exit command to be executed after the cmds parameter. This is tied to the requires_exit optional parameter. (Default: q)Optional
isConfigSpecifies whether or not the commands being executed require a configure command to be executed first (e.g., conf t for Cisco IOS). The specific configure command is handled by the Netmiko Python module, and is associated with the Platform parameter specified in the integration instance. (Default: False)Optional
override_hostIf specified, uses this host in place of the one specified in the instance configuration.Optional
override_passwordIf specified, uses this password in place of the one specified in the instance configuration.Optional
override_platformIf specified, uses this platform name in place of the one specified in the instance configuration.Optional
override_portIf specified, uses this port in place of the one specified in the instance configuration.Optional
override_usernameIf specified, uses this username in place of the one specified in the instance configuration.Optional
raw_printPrints the raw output directly to the war room (Default: False)Optional
require_enableSpecifies whether or not the enable command must be executed before the commands specified in the cmds parameter. (Default: False)Optional
require_exitSpecifies an optional command that must be executed upon completion of the cmds parameter being executed. (Default: False)Optional

Context Output#

PathTypeDescription
Netmiko.CommandStringThe executed command(s)
Netmiko.DateTimeUTCDateTimeThe datetime at which the command(s) were executed (in UTC)
Netmiko.HostnameStringThe hostname used for this execution of the integration
Netmiko.OutputStringThe results of the command(s) that were executed

Command Example (Single command)#

!netmiko-cmds cmds="whoami"

Context Example#

{
โ€ƒ"Command": "whoami",
โ€ƒ"DateTimeUTC": "2023-04-24T21:40:21.755985",
โ€ƒ"Hostname": "192.168.0.1",
โ€ƒ"Output": "[someuser@someserver ~]$ root"
}

Human Readable Output#

Command(s) against 192.168.0.1 (linux)#

CommandDateTimeUTCHostnameOutput
whoami2023-04-24T21:40:21.755985192.168.0.1root

Command Example (Multiple commands)#

As multiple commands via CLI or task#

!netmiko-cmds cmds="whoami who"

As multiple commands via CLI or task using an array#

array context key = ["whoami", "who"] !netmiko-cmds cmds=${array}

Context Example#

{
โ€ƒ"Netmiko": [{
โ€ƒโ€ƒ"Command": "whoami",
โ€ƒโ€ƒ"DateTimeUTC": "2023-04-24T21:59:02.177240",
โ€ƒโ€ƒ"Hostname": "192.168.0.1",
โ€ƒโ€ƒ"Output": "[someuser@somehost ~]$ root"
โ€ƒ},
โ€ƒ{
โ€ƒโ€ƒ"Command": "who",
โ€ƒโ€ƒ"DateTimeUTC": "2023-04-24T21:59:04.882842",
โ€ƒโ€ƒ"Hostname": "192.168.0.1",
โ€ƒโ€ƒ"Output": "[someuser@somehost ~]$ root pts/0 2023-04-24 17:58 (192.168.0.1)"
โ€ƒ}]
}

Human Readable Output#

Command(s) against 192.168.0.1 (linux)#

CommandDateTimeUTCHostnameOutput
whoami2023-04-24T21:59:02.177240192.168.0.1root
who2023-04-24T21:59:04.882842192.168.0.1[someuser@somehost ~]$ root pts/0 2023-04-24 17:58 (192.168.0.1)
Edit this page
Report an Issue