
Microsoft Online Object Group Update

Workflow #0004

Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow fetches that JSON, filters it, compares it to an existing network object group in Cisco Defense Orchestrator, and then updates the group as needed.



Requirements

  • The targets listed below
  • Access to Cisco Defense Orchestrator (CDO)
  • A CDO API token (can be generated on your CDO settings page)

Workflow Steps

  1. Fetch the online services information JSON from Microsoft
  2. Get the existing object group from CDO
  3. Figure out what changes are needed
  4. Check if any changes are needed
    • If not, end the workflow
  5. Create each new network object
  6. Generate the JSON to update the object group
  7. Update the object group using the CDO API
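
Steps 1 to 4 above, sketched offline as an added Python example (not the workflow's own code). The feed and group members are constructed samples; the IPv4-only filter, the MIN_PREFIX threshold, the empty-feed guard and the function names are assumptions, since the page does not state the workflow's filter rules.

```python
import ipaddress
import json

# Constructed sample in the shape of Microsoft's endpoints feed (not real data).
SAMPLE_FEED = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "ips": ["198.51.100.0/24", "2001:db8::/32"]},
    {"id": 2, "serviceArea": "Skype", "ips": ["203.0.113.0/25", "198.51.100.0/24"]},
    {"id": 3, "serviceArea": "Common", "urls": ["*.example.com"]},  # no "ips" key
    {"id": 4, "serviceArea": "Common", "ips": ["0.0.0.0/0", "not-a-cidr"]},
])
# Constructed current members of the CDO object group.
SAMPLE_GROUP = ["198.51.100.0/24", "192.0.2.0/24"]
MIN_PREFIX = 8  # assumption: anything broader than /8 is treated as a feed error


def feed_networks(feed_json, service_areas=None):
    """Return (accepted IPv4 CIDR strings, rejected raw entries) from the feed."""
    accepted, rejected = set(), []
    for entry in json.loads(feed_json):
        if service_areas and entry.get("serviceArea") not in service_areas:
            continue
        for raw in entry.get("ips", []):
            try:
                net = ipaddress.ip_network(raw, strict=True)
            except ValueError:
                rejected.append(raw)  # malformed entry never reaches the firewall
                continue
            if net.version != 4:
                continue  # assumption: the group holds IPv4 networks only
            if net.prefixlen < MIN_PREFIX:
                rejected.append(raw)  # e.g. 0.0.0.0/0 would allow everything
                continue
            accepted.add(str(net))
    return accepted, rejected


def plan_changes(feed_json, group_members, service_areas=None):
    """Compare the filtered feed with the group and say what to add or remove."""
    wanted, rejected = feed_networks(feed_json, service_areas)
    if not wanted:
        raise ValueError("feed yielded no networks; refusing to empty the group")
    current = {str(ipaddress.ip_network(m)) for m in group_members}
    return {
        "add": sorted(wanted - current),
        "remove": sorted(current - wanted),
        "rejected": rejected,
        "changed": wanted != current,  # step 4: end the workflow when False
    }
```

Anything listed under "rejected" is worth alerting on before the update runs, because the feed's contents end up in an object group that firewall policy can reference.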

Configuration

  • If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
  • Provide the workflow your CDO API token by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the CDO Bearer Token local variable; or
    • Leaving the Fetch Global Variables group disabled and adding your token directly to the CDO Bearer Token local variable
  • Validate the name of the network object group that’ll be updated in CDO in the CDO Object Group Name local variable
  • Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to https://endpoints.office.com/endpoints/worldwide and copy the URL into the Microsoft Endpoints URL local variable in the workflow

Targets

Target Group: Default TargetGroup

| Target Name | Type | Details | Account Keys | Notes |
|---|---|---|---|---|
| Cisco Defense Orchestrator | HTTP Endpoint | Protocol: HTTPS; Host: defenseorchestrator.com; Path: /aegis/rest/v1/ | None | |