Microsoft Online Object Group Update
Workflow #0004
Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow fetches that JSON, filters it, compares it to an existing network object group in Cisco Defense Orchestrator (CDO), and then updates the group as needed. Note: This workflow only processes IPv4 addresses
Change Log
Date | Notes |
---|---|
Nov 24, 2020 | - Initial release |
Aug 31, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- None
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets listed at the bottom of the page
- Cisco Defense Orchestrator (CDO) (API token can be generated on your settings page)
Workflow Steps
- Fetch the online services information JSON from Microsoft
- Get the existing object group from Defense Orchestrator
- Figure out what changes are needed
- Check if any changes are needed
- If not, end the workflow
- Create each new network object
- Generate the JSON to update the object group
- Update the object group using the Defense Orchestrator API
Configuration
- If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
- Provide the workflow your Defense Orchestrator API token by either:
- Storing your token in a global variable and using the
Fetch Global Variables
group at the beginning of the workflow to update theCDO Bearer Token
local variable; or - Leave the
Fetch Global Variables
group disabled and add your token directly to theCDO Bearer Token
local variable
- Storing your token in a global variable and using the
- Validate the name of the network object group that’ll be updated in Defense Orchestrator in the
CDO Object Group Name
local variable - Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to
https://endpoints.office.com/endpoints/worldwide
and copy the URL into theMicrosoft Endpoints URL
local variable in the workflow
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Cisco Defense Orchestrator | HTTP Endpoint | Protocol: HTTPS Host: defenseorchestrator.com Path: /aegis/rest/v1/ | None |