On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Update Host Group with Microsoft Online IPs

Workflow #0078

This workflow fetches information about Microsoft Online IP addresses and subnets. These IPs and subnets are then added to a host group on Secure Network Analytics.

GitHub

Change Log

Date Notes
Feb 28, 2023 - Initial release

Requirements

  • The following system atomics are used by this workflow:
    • Secure Network Analytics - Get Tenants
    • Secure Network Analytics - Get Tokens
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • A SecureX orchestration remote with connectivity to your Secure Network Analytics instance
  • Cisco Secure Network Analytics (SNA)

Workflow Steps

  1. Fetch the IP addresses/networks from Microsoft
  2. Fetch API tokens for Secure Network Analytics
  3. Fetch a list of SNA tenants and extract the domain ID of the tenant configured in the “SNA Tenant Name” variable
  4. Fetch a list of host groups
  5. Extract the group list and search for the group ID of the group configured in the “Host Group Name” variable
  6. Request the IPs from Microsoft be added to the host group

Configuration

  • This workflow is designed to run on a schedule. You need to create a schedule and then add it as a trigger within the workflow
  • Add your Secure Network Analytics API username and password to SNA Username and SNA Password (or, if you have them stored in global variables, use the Fetch Global Variables group at the beginning of the workflow to update the local variables)
  • Set the SNA Tenant Name to the name of the tenant you want to work in
  • Set the Host Group Name to the name of the host group to update with Microsoft Online IPs

Targets

Note: If your Secure Network Analytics deployment is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use it with orchestration.

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Secure Network Analytics HTTP Endpoint Protocol: HTTPS
Host: your-sna-management-center.yourdomain
Path: None		 None