Skyhigh Secure Web Gateway (On Prem)
This Integration is part of the McAfee Web Gateway Pack.

Supported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
Manages the block and allow lists within Skyhigh Secure Web Gateway. This integration was integrated and tested with version 11.2.9 of Skyhigh Secure Web Gateway (On Prem).

Configure Skyhigh Secure Web Gateway (On Prem) on Cortex XSOAR
Navigate to Settings > Integrations > Servers & Services.
Search for Skyhigh Secure Web Gateway (On Prem).
Click Add instance to create and configure a new integration instance.

Parameter | Required |
---|---|
Server URL (e.g. https://192.168.100.55:4712) | True |
Password | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |

Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

swg-get-available-lists
Get all available lists.

Base Command
swg-get-available-lists

Input
Argument Name | Description | Required |
---|---|---|
name | Filter to be applied on a list name. | Optional |
type | Filter to be applied on a list type. | Optional |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ID | Unknown | List ID. |
SWG.List.Title | Unknown | List title. |
SWG.List.Type | Unknown | List type. |

Command example
!swg-get-available-lists name=blocklist

Context Example
Human Readable Output
Lists

Title | ID | Type |
---|---|---|
blocklist | com.scur.type.regex.386 | regex |
Category Blocklist | 5145 | category |
Upload Media Type Blocklist | 5146 | mediatype |

swg-get-list
Retrieve a specific list.

Base Command
swg-get-list

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ListEntries.ListID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.Name | Unknown | Entry name. |
SWG.List.ListEntries.Description | Unknown | Entry description. |
SWG.List.ListEntries.Position | Unknown | Entry position in list. |
SWG.List.ID | Unknown | List ID. |
SWG.List.Title | Unknown | List title. |
SWG.List.Type | Unknown | List type. |
SWG.List.Description | Unknown | List description. |

Command example
!swg-get-list list_id=com.scur.type.regex.386

Context Example
Human Readable Output
List Properties

Title | ID | Description | Type |
---|---|---|---|
blocklist | com.scur.type.regex.386 | blocklist | regex |

blocklist

Position | Name | Description |
---|---|---|
0 | http://test.evil/ | this is really evil |
1 | http://test-more.evil/ | this is really evil |

swg-get-list-entry
Retrieve a specific entry from a list.

Base Command
swg-get-list-entry

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |
entry_pos | Entry position in the table. | Required |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.ListID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.Name | Unknown | Entry name. |
SWG.List.ListEntries.Position | Unknown | Entry position in the list. |
SWG.List.ListEntries.Description | Unknown | Entry description. |

Command example
!swg-get-list-entry list_id=com.scur.type.regex.386 entry_pos=0

Context Example
Human Readable Output
List entry at position 0

ListID | Position | Name | Description |
---|---|---|---|
com.scur.type.regex.386 | 0 | http://test.evil/ | this is really evil |

swg-insert-entry
Insert a new entry to a list.

Base Command
swg-insert-entry

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |
entry_pos | Entry position in the table. | Required |
description | Entry description. | Optional |
name | Entry name. | Required |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.ListID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.Name | Unknown | Entry name. |
SWG.List.ListEntries.Position | Unknown | Entry position in the list. |
SWG.List.ListEntries.Description | Unknown | Entry description. |

Command example
!swg-insert-entry list_id=com.scur.type.regex.386 entry_pos=0 name="http*://evil.corp/*" description="ticket #1: This is an evil domain"

Context Example
Human Readable Output
Added List entry at position 0

ListID | Position | Name | Description |
---|---|---|---|
com.scur.type.regex.386 | 0 | http://evil.corp/ | ticket #1: This is an evil domain |

swg-delete-entry
Delete an entry from a list.

Base Command
swg-delete-entry

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |
entry_pos | Entry position in the table. | Required |

Context Output
There is no context output for this command.

Command example
!swg-delete-entry list_id=com.scur.type.regex.386 entry_pos=0

Human Readable Output
Deleted List entry at position 0

ListID | Position | Name | Description |
---|---|---|---|
com.scur.type.regex.386 | 0 | http://evil.corp | ticket #1: This is an evil domain |

swg-modify-list
Overwrites the complete XML configuration of a list.

Base Command
swg-modify-list

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |
config | XML configuration to write to the list. | Required |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ListEntries.ListID | Unknown | List ID of the entry's list. |
SWG.List.ListEntries.Name | Unknown | Entry name. |
SWG.List.ListEntries.Description | Unknown | Entry description. |
SWG.List.ListEntries.Position | Unknown | Entry position in list. |
SWG.List.ID | Unknown | List ID. |
SWG.List.Title | Unknown | List title. |
SWG.List.Type | Unknown | List type. |
SWG.List.Description | Unknown | List description. |

Command example
!swg-modify-list list_id=com.scur.type.regex.386 config=`<list version="1.0.3.46" mwg-version="11.2.9-44482" name="blocklist" id="com.scur.type.regex.386" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defaultRights="2"><description>blocklist</description><content><listEntry><entry>http*://evil.corp/*</entry><description>ticket #1: This is an evil domain</description></listEntry></content></list>`

Context Example
Human Readable Output
Modified blocklist

Title | ID | Description | Type |
---|---|---|---|
blocklist | com.scur.type.regex.386 | blocklist | regex |
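
Because swg-modify-list overwrites the whole list, new entries have to be merged into the list's current XML before it is written back. The following is an added example, not code from the integration or its pack: the function name `merge_entries` and the `OVERBROAD` guard set are assumptions for illustration, and the sample XML is the one from the command example above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the list XML from the swg-modify-list command example.
SAMPLE_CONFIG = (
    '<list version="1.0.3.46" mwg-version="11.2.9-44482" name="blocklist" '
    'id="com.scur.type.regex.386" typeId="com.scur.type.regex" classifier="Other" '
    'systemList="false" structuralList="false" defaultRights="2">'
    '<description>blocklist</description><content><listEntry>'
    '<entry>http*://evil.corp/*</entry>'
    '<description>ticket #1: This is an evil domain</description>'
    '</listEntry></content></list>'
)

# Hypothetical guard set: patterns that would match every URL if written to a blocklist.
OVERBROAD = {"", "*", ".*", "http*://*", "http*://*/*"}


def merge_entries(config_xml, new_entries):
    """Return (updated_xml, added_names); existing entries and list attributes are kept.

    config_xml is assumed to be the list's current XML configuration;
    new_entries is an iterable of (name, description) pairs.
    """
    root = ET.fromstring(config_xml)
    content = root.find("content")
    if root.tag != "list" or content is None:
        raise ValueError("not a list configuration: missing <list>/<content>")
    existing = {e.findtext("entry", "").strip() for e in content.findall("listEntry")}
    added = []
    for name, description in new_entries:
        name = name.strip()
        if name in OVERBROAD:
            raise ValueError(f"refusing overbroad pattern: {name!r}")
        if name in existing:
            continue  # already on the list, do not write a duplicate entry
        item = ET.SubElement(content, "listEntry")
        ET.SubElement(item, "entry").text = name  # ElementTree escapes &, < and >
        ET.SubElement(item, "description").text = description
        existing.add(name)
        added.append(name)
    return ET.tostring(root, encoding="unicode"), added
```

The returned XML string is the value to pass as the `config` argument of swg-modify-list.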

swg-create-list
Create a new list.

Base Command
swg-create-list

Input
Argument Name | Description | Required |
---|---|---|
name | Name for the list to be created. | Required |
type | Type for the list to be created. Possible values are: category, ip, iprange, mediatype, number, regex, string. Default is string. | Required |

Context Output
Path | Type | Description |
---|---|---|
SWG.List.ID | Unknown | List ID. |
SWG.List.Title | Unknown | List title. |
SWG.List.Type | Unknown | List type. |
SWG.List.Description | Unknown | List description. |

Command example
!swg-create-list name="blocklist" type=regex

Context Example
Human Readable Output
Created List Properties

Title | ID | Description | Type |
---|---|---|---|
blocklist | com.scur.type.regex.460 | | regex |

swg-delete-list
Delete a list.

Base Command
swg-delete-list

Input
Argument Name | Description | Required |
---|---|---|
list_id | List ID. | Required |

Context Output
There is no context output for this command.

Command example
!swg-delete-list list_id=com.scur.type.regex.460

Human Readable Output
Deleted List Properties

Title | ID | Description | Type |
---|---|---|---|
blocklist | com.scur.type.regex.460 | | regex |