Link Search Menu Expand Document

Block Observable (Direct)

Workflow #0065

Response Workflow

This workflow takes a URL, domain, IP, or IPv6 observable as input and blocks it on the Secure Firewall Management Center. The observable is added to a new object and the new object is added to an existing object group. A confirmation is sent via Webex. Supported observables: url, ip, ipv6, domain

This workflow is similar to workflow 0015B but works differently. Workflow 0015B adds observables to feeds in SecureX which Secure Firewall then consumes. This workflow makes API calls directly to Secure Firewall, typically through an orchestration remote.

GitHub


Change Log

Date Notes
May 4, 2022 - Initial release

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • Secure Firewall - Add Network Object to Network Group
    • Secure Firewall - Add URL Object to URL Group
    • Secure Firewall - Create Object
    • Secure Firewall - Get Access Token
    • Secure Firewall - Get Network Group by Name
    • Secure Firewall - Get URL Group by Name
    • Secure Firewall - Search object by Value
    • Webex - Post Message to Room
    • Webex - Search for Room
  • The targets and account keys listed at the bottom of the page
  • Cisco Secure Firewall
  • Cisco Webex

Workflow Steps

  1. Fetch global variables
  2. Set the workflow run URL based on region
  3. Search for the Webex room provided
  4. Validate required variables are provided
  5. Set the object types based on the observable type
  6. Search for existing objects for this observable
  7. Check if an object already exists:
    • If it does, use the existing object
    • If it doesn’t, create a new object
  8. Check if we’re working with network or URL objects:
    • If network objects:
      • Get the network group and check if the object is already in it (if so, end the workflow)
      • Add the object to the group and send a confirmation
    • If URL objects:
      • Get the URL group and check if the object is already in it (if so, end the workflow)
      • Add the object to the group and send a confirmation

Configuration

  • Configure the following local variables with the options you want for your Secure Firewall Management Center:
    • Access Control Policy
    • Access Rule
    • Object Name Prefix
    • URL Group
    • Network Group
  • If you want to change the name of this workflow in the pivot menu, change its display name
  • See this page for information on configuring the workflow for Webex

Targets

Target Group: Default TargetGroup

Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.

Target Name Type Details Account Keys Notes
FMC Target HTTP Endpoint Protocol: HTTPS
Host: your-firewall-management-center
Path: api/
FMC API Credentials  
Webex Teams HTTP Endpoint Protocol: HTTPS
Host: webexapis.com
Path: None
None  

Account Keys

Account Key Name Type Details Notes
FMC API Credentials HTTP Basic Authentication Username: FMC Username
Password: FMC Password
Account must have API permissions