Get Expiring Rules (Remote)
Workflow #0066
This workflow searches up to 500 Cisco Secure Firewall Management Center policies for time-based rules that are set to expire within the configured expiry time. If expired or soon-to-expire rules are found, a message is posted in Webex with the rule details.
There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
Change Log
Date | Notes |
---|---|
Aug 1, 2022 | - Initial release |
Sep 7, 2022 | - Name modified to reflect this workflow using orchestration remote |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
  - Secure Firewall - Get Access Token
  - Webex - Post Message to Room
  - Webex - Search for Room
- The following atomic actions must be imported before you can import this workflow:
  - None
- The targets and account keys listed below
  - Cisco Secure Firewall
  - Cisco Webex
Workflow Steps
- Validate required settings and fetch the Webex room ID
- Get access token for FMC
- Get time-range objects
- Get access policies
- For each policy:
  - Check each rule for time-based objects
  - If time-based objects are found in the rule:
    - Calculate the expiry time and append to the workflow output as needed
- Finalize the output of the workflow based on what was found
- Post message to Webex
Configuration
- Set the `Check For Expired Rules` local variable to `true` or `false` depending on whether you want to report on rules which have already expired
- Set the `Expiring Soon Time Period` local variable to the number of days you want to use as the threshold for considering a rule to be expiring soon. For example, if you set this to 7 days, any rule expiring within 7 days will be considered "expiring soon"
- Set the `Secure Firewall Management Center URL` to the base URL of your FMC portal. For example: `https://securefirewall.yourcompany.com`
- If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
- See this page for information on configuring the workflow for Webex
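As an added example (not part of this workflow or its atomics), the rule-checking and output steps above in Python, driven by the two local variables described in this section. The data is constructed, and the FMC-style field names (`effectiveEndDateTime`, `timeRangeObjects`) and the `YYYY-MM-DDTHH:MM` timestamp format are assumptions about the API shape, not taken from this page.

```python
from datetime import datetime, timedelta

FMC_TIME_FORMAT = "%Y-%m-%dT%H:%M"  # assumed FMC timestamp format

# Constructed time-range objects (assumed shape of the FMC time-range API response).
# An object without an end date (recurring-only) never expires.
TIME_RANGES = [
    {"id": "tr-1", "name": "Contractor-Access", "effectiveEndDateTime": "2022-08-10T17:00"},
    {"id": "tr-2", "name": "Migration-Window", "effectiveEndDateTime": "2022-08-20T23:59"},
    {"id": "tr-3", "name": "Holiday-Rule", "effectiveEndDateTime": "2022-12-31T23:59"},
    {"id": "tr-4", "name": "Recurring-Only"},
]

# Constructed access rules per policy, each referencing time-range objects by id.
POLICIES = {
    "Corp-Policy": [
        {"name": "Allow-Contractors", "timeRangeObjects": [{"id": "tr-1"}]},
        {"name": "Migration-Temp", "timeRangeObjects": [{"id": "tr-2"}]},
        {"name": "Always-On", "timeRangeObjects": []},
    ],
    "DMZ-Policy": [
        {"name": "Seasonal-Promo", "timeRangeObjects": [{"id": "tr-3"}]},
        {"name": "Recurring", "timeRangeObjects": [{"id": "tr-4"}]},
    ],
}


def find_expiring_rules(policies, time_ranges, now_str, expiring_soon_days, check_expired=True):
    """Classify every time-based rule as 'expired' or 'expiring soon' relative to now_str.
    expiring_soon_days mirrors the Expiring Soon Time Period variable and
    check_expired mirrors Check For Expired Rules."""
    now = datetime.strptime(now_str, FMC_TIME_FORMAT)
    threshold = now + timedelta(days=expiring_soon_days)
    # Index only time ranges that actually have an end date.
    end_by_id = {}
    for tr in time_ranges:
        if tr.get("effectiveEndDateTime"):
            end_by_id[tr["id"]] = (tr["name"], datetime.strptime(tr["effectiveEndDateTime"], FMC_TIME_FORMAT))
    findings = []
    for policy_name, rules in policies.items():
        for rule in rules:
            for ref in rule.get("timeRangeObjects", []):
                if ref["id"] not in end_by_id:
                    continue  # recurring-only or unknown object: nothing to expire
                tr_name, end = end_by_id[ref["id"]]
                if end < now:
                    if not check_expired:
                        continue
                    status = "expired"
                elif end <= threshold:
                    status = "expiring soon"
                else:
                    continue
                findings.append({"policy": policy_name, "rule": rule["name"], "time_range": tr_name,
                                 "expires": end.strftime(FMC_TIME_FORMAT), "status": status})
    return findings


def format_webex_message(findings, expiring_soon_days):
    """Build the markdown text the workflow would post to the Webex room."""
    if not findings:
        return "No expired or expiring time-based rules found."
    lines = [f"**Time-based rules expired or expiring within {expiring_soon_days} days:**"]
    for f in findings:
        lines.append(f"- {f['policy']} / {f['rule']} ({f['time_range']}): {f['status']}, ends {f['expires']}")
    return "\n".join(lines)
```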
Targets
Target Group: Default TargetGroup
Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
FMC Target | HTTP Endpoint | Protocol: HTTPS, Host: your-firewall-management-center, Path: api/ | FMC API Credentials | |
Webex Teams | HTTP Endpoint | Protocol: HTTPS, Host: webexapis.com, Path: None | None | |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
FMC API Credentials | HTTP Basic Authentication | Username: FMC Username, Password: FMC Password | Account must have API permissions |