Microsoft Online Dynamic Object Update (Remote)
Workflow #0031
Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow demonstrates fetching that JSON, reformatting it, and updating a dynamic object group on Cisco Secure Firewall.
There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
Change Log
Date | Notes |
---|---|
May 26, 2021 | - Initial release |
Sep 10, 2021 | - Updated to use the new system atomics |
Sep 7, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
  - Secure Firewall - Create Dynamic Object Group
  - Secure Firewall - Get Access Token
  - Secure Firewall - Get Dynamic Object Group Mappings
  - Secure Firewall - Update Dynamic Object Group Mappings
- The following atomic actions must be imported before you can import this workflow:
  - None
- The targets and account keys listed at the bottom of the page
- Cisco Secure Firewall (software version 7.0 or newer)
Workflow Steps
- Get an access token for Secure Firewall
- Get the existing dynamic object group mappings
- Check if fetching the mappings succeeded (if not, create a new dynamic object group)
- Fetch the JSON from Microsoft and generate a list of records to add and to remove
- Check if any records need to be added (if so, add them)
- Check if any records need to be removed (if so, remove them)
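The fetch-and-diff step above can be sketched as follows. This is an added example, not the workflow's own script: it assumes the records come from each feed entry's `ips` array, the `MIN_PREFIX` sanity floor and function names are hypothetical, and the feed and mappings shown are constructed sample data.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft endpoints feed (not real feed data).
SAMPLE_FEED = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.office.com"],
     "ips": ["192.0.2.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443"},
    {"id": 2, "serviceArea": "Common", "urls": ["*.example.test"]},  # record without "ips"
    {"id": 3, "serviceArea": "Skype",
     "ips": ["198.51.100.7/24", "192.0.2.0/24", "0.0.0.0/0", "not-a-network"]},
])

# Assumed sanity floor: prefixes shorter than this are never pushed to the firewall.
MIN_PREFIX = {4: 8, 6: 16}


def feed_networks(feed_json):
    """Return (valid, rejected): normalized CIDRs from every record's "ips" list."""
    valid, rejected = set(), []
    for record in json.loads(feed_json):
        for entry in record.get("ips", []):
            try:
                net = ipaddress.ip_network(entry, strict=False)  # clears host bits
            except ValueError:
                rejected.append(entry)  # not an IP network at all
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                rejected.append(entry)  # implausibly broad for a service range
            else:
                valid.add(str(net))
    return valid, rejected


def plan_update(feed_json, current_mappings):
    """Diff the feed against the dynamic object group's current mappings."""
    wanted, rejected = feed_networks(feed_json)
    if not wanted:
        # An empty or broken feed must not translate into "remove everything".
        raise ValueError("feed produced no valid networks; refusing to empty the group")
    current = set(current_mappings)
    return {"add": sorted(wanted - current),
            "remove": sorted(current - wanted),
            "rejected": rejected}


if __name__ == "__main__":
    existing = ["192.0.2.0/24", "203.0.113.0/24"]  # constructed current mappings
    print(json.dumps(plan_update(SAMPLE_FEED, existing), indent=2))
```

Entries in `rejected` are worth logging and reviewing rather than silently dropping, since the resulting object group typically feeds access control rules.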
Configuration
- Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to `https://endpoints.office.com/endpoints/worldwide` and copy the URL into the `Microsoft Endpoints URL` local variable in the workflow
- Set the `Dynamic Object Group Name` local variable to the name of the object group you want to update. Note that this group must be created on Firewall Management Center prior to running the workflow
Targets
Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
FMC Target | HTTP Endpoint | Protocol: HTTPS; Host: your-firewall-management-center; Path: api/ | FMC API Credentials | |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
FMC API Credentials | HTTP Basic Authentication | Username: FMC Username; Password: FMC Password | Account must have API permissions |