Block Observable (Remote)
Workflow #0065
Response Workflow
This workflow takes a URL, domain, IP, or IPv6 observable as input and blocks it on the Secure Firewall Management Center. The observable is added to a new object and the new object is added to an existing object group. A confirmation is sent via Webex. Supported observables: url
, ip
, ipv6
, domain
This workflow is similar to workflow 0015B but works differently. Workflow 0015B adds observables to feeds in SecureX which Secure Firewall then consumes. This workflow makes API calls directly to Secure Firewall, typically through an orchestration remote.
There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
Change Log
Date | Notes |
---|---|
May 4, 2022 | - Initial release |
Sep 7, 2022 | - Name modified to reflect this workflow using orchestration remote |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Secure Firewall - Add Network Object to Network Group
- Secure Firewall - Add URL Object to URL Group
- Secure Firewall - Create Object
- Secure Firewall - Get Access Token
- Secure Firewall - Get Network Group by Name
- Secure Firewall - Get URL Group by Name
- Secure Firewall - Search Object by Value
- Webex - Post Message to Room
- Webex - Search for Room
- The targets and account keys listed at the bottom of the page
- Cisco Secure Firewall
- Cisco Webex
Workflow Steps
- Fetch global variables
- Set the workflow run URL based on region
- Search for the Webex room provided
- Validate required variables are provided
- Set the object types based on the observable type
- Search for existing objects for this observable
- Check if an object already exists:
- If it does, use the existing object
- If it doesn’t, create a new object
- Check if we’re working with network or URL objects:
- If network objects:
- Get the network group and check if the object is already in it (if so, end the workflow)
- Add the object to the group and send a confirmation
- If URL objects:
- Get the URL group and check if the object is already in it (if so, end the workflow)
- Add the object to the group and send a confirmation
- If network objects:
Configuration
- Configure the following local variables with the options you want for your Secure Firewall Management Center:
- Access Control Policy
- Access Rule
- Object Name Prefix
- URL Group
- Network Group
- If you want to change the name of this workflow in the pivot menu, change its display name
- See this page for information on configuring the workflow for Webex
Targets
Target Group: Default TargetGroup
Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
FMC Target | HTTP Endpoint | Protocol: HTTPS Host: your-firewall-management-center Path: api/ | FMC API Credentials | |
Webex Teams | HTTP Endpoint | Protocol: HTTPS Host: webexapis.com Path: None | None |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
FMC API Credentials | HTTP Basic Authentication | Username: FMC Username Password: FMC Password | Account must have API permissions |