ā04-24-2017 04:03 PM - edited ā03-10-2019 06:49 AM
We have a Firesight manager 6.0.1 and an ASA 5545-X running 9.5(2)5.
We are trying to create a remediation that will add an object to the ACL named "Blacklist"
The object would be the Source IP. I would like it to add the objects name as: Sourcefire-%ipaddress%
I have no experience writing an API for Sourcefire.
Cisco TAC says they do not support Custom APIs and they could not give me any realistic resources on how to write an API.
Are there any resources or tools for creating an API?
Are there any debugging tools that can simulate what the results would be?
Can I trigger the rule against a fake IP to have it log into our firewall via SSH and add the dummy IP as a test? Testing this with live threats appears to be the only way and without guarantees that it will operate as expected, this poses a risk to our environment.
Thank you for your time in advance,
Burton Hallman
Solved! Go to Solution.
ā04-28-2017 08:08 AM
I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link
Hope this help you
ā04-28-2017 08:08 AM
I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link
Hope this help you
ā04-28-2017 09:03 AM
I understand the Cisco Support does not support custom remediation modules, but the documentation does seem to show the ability to create custom remediation modules:
http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/remediation/FireSIGHT-System-Remediation-API-Guide/WritingRemedClients.html
This is why I am looking to the Community for Support as Cisco TAC has zero information on how to create a custom remediation module.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: