Skip to main content

Skyhigh Secure Web Gateway (On Prem)

This Integration is part of the McAfee Web Gateway Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Manages the block and allow lists within Skyhigh Secure Web Gateway. This integration was integrated and tested with version 11.2.9 of Skyhigh Secure Web Gateway (On Prem)

Configure Skyhigh Secure Web Gateway (On Prem) in Cortex#

ParameterRequired
Server URL (e.g. https://192.168.100.55:4712)True
PasswordTrue
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

swg-get-available-lists#


Get all available lists.

Base Command#

swg-get-available-lists

Input#

Argument NameDescriptionRequired
nameFilter to be applied on a list name.Optional
typeFilter to be applied on a list type.Optional

Context Output#

PathTypeDescription
SWG.List.IDUnknownList ID.
SWG.List.TitleUnknownList title.
SWG.List.TypeUnknownList type.

Command example#

!swg-get-available-lists name=blocklist

Context Example#

{
"SWG": {
"List": {
"ID": "com.scur.type.regex.386",
"Title": "blocklist",
"Type": "regex"
}
}
}

Human Readable Output#

Lists#

TitleIDType
blocklistcom.scur.type.regex.386regex
Category Blocklist5145category
Upload Media Type Blocklist5146mediatype

swg-get-list#


Retrieve a specific list.

Base Command#

swg-get-list

Input#

Argument NameDescriptionRequired
list_idList ID.Required

Context Output#

PathTypeDescription
SWG.List.ListEntries.ListIDUnknownList ID of the entry's list.
SWG.List.ListEntries.NameUnknownEntry name.
SWG.List.ListEntries.DescriptionUnknownEntry description.
SWG.List.ListEntries.PositionUnknownEntry position in list.
SWG.List.IDUnknownList ID.
SWG.List.TitleUnknownList title.
SWG.List.TypeUnknownList Type
SWG.List.DescriptionUnknownList description.

Command example#

!swg-get-list list_id=com.scur.type.regex.386

Context Example#

{
"SWG": {
"List": {
"Description": "blocklist",
"ID": "com.scur.type.regex.386",
"Title": "blocklist",
"Type": "regex",
"ListEntries": [
{
"Description": "this is really evil",
"ListID": "com.scur.type.regex.386",
"Name": "http*://test.evil/*",
"Position": 0
},
{
"Description": "this is really evil",
"ListID": "com.scur.type.regex.386",
"Name": "http*://test-more.evil/*",
"Position": 1
}
]
}
}
}

Human Readable Output#

List Properties#

TitleIDDescriptionType
blocklistcom.scur.type.regex.386blocklistregex

blocklist#

PositionNameDescription
0http://test.evil/this is really evil
1http://test-more.evil/this is really evil

swg-get-list-entry#


Retrieve a specific entry from a list.

Base Command#

swg-get-list-entry

Input#

Argument NameDescriptionRequired
list_idList ID.Required
entry_posEntry position in the table.Required

Context Output#

PathTypeDescription
SWG.List.IDUnknownList ID of the entry's list.
SWG.List.ListEntries.ListIDUnknownList ID of the entry's list.
SWG.List.ListEntries.NameUnknownEntry name.
SWG.List.ListEntries.PositionUnknownEntry position in the list.
SWG.List.ListEntries.DescriptionUnknownEntry description.

Command example#

!swg-get-list-entry list_id=com.scur.type.regex.386 entry_pos=0

Context Example#

{
"SWG": {
"List": {
"ID": "com.scur.type.regex.386",
"ListEntries": {
"Description": "this is really evil",
"ListID": "com.scur.type.regex.386",
"Name": "http*://test.evil/*",
"Position": "0"
}
}
}
}

Human Readable Output#

List entry at position 0#

ListIDPositionNameDescription
com.scur.type.regex.3860http://test.evil/this is really evil

swg-insert-entry#


Insert a new entry to a list.

Base Command#

swg-insert-entry

Input#

Argument NameDescriptionRequired
list_idList ID.Required
entry_posEntry position in the table.Required
descriptionEntry description.Optional
nameEntry name.Required

Context Output#

PathTypeDescription
SWG.List.IDUnknownList ID of the entry's list.
SWG.List.ListEntries.ListIDUnknownList ID of the entry's list.
SWG.List.ListEntries.NameUnknownEntry name.
SWG.List.ListEntries.PositionUnknownEntry position in the list.
SWG.List.ListEntries.DescriptionUnknownEntry description.

Command example#

!swg-insert-entry list_id=com.scur.type.regex.386 entry_pos=0 name="http*://evil.corp/*" description="ticket #1: This is an evil domain"

Context Example#

{
"SWG": {
"List": {
"ID": "com.scur.type.regex.386",
"ListEntries": {
"Description": "ticket #1: This is an evil domain",
"ListID": "com.scur.type.regex.386",
"Name": "http*://evil.corp/*",
"Position": "0"
}
}
}
}

Human Readable Output#

Added List entry at position 0#

ListIDPositionNameDescription
com.scur.type.regex.3860http://evil.corp/ticket #1: This is an evil domain

swg-delete-entry#


Insert a new entry to a list.

Base Command#

swg-delete-entry

Input#

Argument NameDescriptionRequired
list_idList ID.Required
entry_posEntry position in the table.Required

Context Output#

There is no context output for this command.

Command example#

!swg-delete-entry list_id=com.scur.type.regex.386 entry_pos=0

Human Readable Output#

Deleted List entry at position 0#

ListIDPositionNameDescription
com.scur.type.regex.3860http://evil.corpticket #1: This is an evil domain

swg-modify-list#


Overwrites the complete XML configuration of a list.

Base Command#

swg-modify-list

Input#

Argument NameDescriptionRequired
list_idList ID.Required
configXML configuration to write to the list.Required

Context Output#

PathTypeDescription
SWG.List.ListEntries.ListIDUnknownList ID of the entry's list.
SWG.List.ListEntries.NameUnknownEntry name.
SWG.List.ListEntries.DescriptionUnknownEntry description.
SWG.List.ListEntries.PositionUnknownEntry position in list.
SWG.List.IDUnknownList ID.
SWG.List.TitleUnknownList title.
SWG.List.TypeUnknownList type.
SWG.List.DescriptionUnknownList description.

Command example#

!swg-modify-list list_id=com.scur.type.regex.386 config=`<list version="1.0.3.46" mwg-version="11.2.9-44482" name="blocklist" id="com.scur.type.regex.386" typeId="com.scur.type.regex" classifier="Other" systemList="false" structuralList="false" defaultRights="2"><description>blocklist</description><content><listEntry><entry>http*://evil.corp/*</entry><description>ticket #1: This is an evil domain</description></listEntry></content></list>`

Context Example#

{
"SWG": {
"List": {
"Description": "blocklist",
"ID": "com.scur.type.regex.386",
"Title": "blocklist",
"Type": "regex",
"ListEntries": [
{
"Description": "ticket #1: This is an evil domain",
"ListID": "com.scur.type.regex.386",
"Name": "http*://evil.corp/*",
"Position": 0
}
]
}
}
}

Human Readable Output#

Modified blocklist#

TitleIDDescriptionType
blocklistcom.scur.type.regex.386blocklistregex

swg-create-list#


Create a new list.

Base Command#

swg-create-list

Input#

Argument NameDescriptionRequired
nameName for the list to be created.Required
typeType for the list to be created. Possible values are: category, ip, iprange, mediatype, number, regex, string. Default is string.Required

Context Output#

PathTypeDescription
SWG.List.IDUnknownList ID.
SWG.List.TitleUnknownList title.
SWG.List.TypeUnknownList type.
SWG.List.DescriptionUnknownList description.

Command example#

!swg-create-list name="blocklist" type=regex

Context Example#

{
"SWG": {
"List": {
"Description": "",
"ID": "com.scur.type.regex.460",
"Title": "blocklist",
"Type": "regex"
}
}
}

Human Readable Output#

Created List Properties#

TitleIDDescriptionType
blocklistcom.scur.type.regex.460regex

swg-delete-list#


Delete a list.

Base Command#

swg-delete-list

Input#

Argument NameDescriptionRequired
list_idList ID.Required

Context Output#

There is no context output for this command.

Command example#

!swg-delete-list list_id=com.scur.type.regex.460

Human Readable Output#

Deleted List Properties#

TitleIDDescriptionType
blocklistcom.scur.type.regex.460regex