Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1121
Views
0
Helpful
2
Replies

Firepower integration with ASA

Go to solution
bhallman
Level 1
Level 1

ā€Ž04-24-2017 04:03 PM - edited ā€Ž03-10-2019 06:49 AM

We have a Firesight manager 6.0.1 and an ASA 5545-X running 9.5(2)5.

We are trying to create a remediation that will add an object to the ACL named "Blacklist"

The object would be the Source IP. I would like it to add the objects name as: Sourcefire-%ipaddress%

I have no experience writing an API for Sourcefire.

Cisco TAC says they do not support Custom APIs and they could not give me any realistic resources on how to write an API.

Are there any resources or tools for creating an API?

Are there any debugging tools that can simulate what the results would be?

Can I trigger the rule against a fake IP to have it log into our firewall via SSH and add the dummy IP as a test? Testing this with live threats appears to be the only way and without guarantees that it will operate as expected, this poses a risk to our environment.

Thank you for your time in advance,

Burton Hallman

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ravi Singh
Level 7
Level 7

ā€Ž04-28-2017 08:08 AM

I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01100000.html

Hope this help you

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Ravi Singh
Level 7
Level 7

ā€Ž04-28-2017 08:08 AM

I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01100000.html

Hope this help you

0 Helpful

Go to solution
bhallman
Level 1
Level 1
In response to Ravi Singh

ā€Ž04-28-2017 09:03 AM

I understand the Cisco Support does not support custom remediation modules, but the documentation does seem to show the ability to create custom remediation modules:

http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/remediation/FireSIGHT-System-Remediation-API-Guide/WritingRemedClients.html

This is why I am looking to the Community for Support as Cisco TAC has zero information on how to create a custom remediation module.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card