On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this GitHub repository will not be actively maintained following this announcement.

Get Expiring Rules (Remote)

Workflow #0066

This workflow searches up to 500 Cisco Secure Firewall Management Center policies for time-based rules that are set to expire within the configured expiry time. If expired or soon-to-expire rules are found, a message is posted in Webex with the rule details.

There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.


Change Log

| Date | Notes |
|---|---|
| Aug 1, 2022 | Initial release |
| Sep 7, 2022 | Name modified to reflect this workflow using orchestration remote |

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • Secure Firewall - Get Access Token
    • Webex - Post Message to Room
    • Webex - Search for Room
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed below
  • Cisco Secure Firewall
  • Cisco Webex

Workflow Steps

  1. Validate required settings and fetch the Webex room ID
  2. Get access token for FMC
  3. Get time-range objects
  4. Get access policies
  5. For each policy:
    • Check each rule for time-based objects
    • If time-based objects are found in rule:
      • Calculate the expiry time and append to the workflow output as needed
  6. Finalize the output of the workflow based on what was found
  7. Post message to Webex

Configuration

  • Set the Check For Expired Rules local variable to true or false depending on whether you want to report on rules that have already expired
  • Set the Expiring Soon Time Period local variable to the number of days you want to use as the threshold for considering a rule to be expiring soon. For example, if you set this to 7 days, any rule expiring within 7 days will be considered “expiring soon”
  • Set the Secure Firewall Management Center URL to the base URL of your FMC portal. For example: https://securefirewall.yourcompany.com
  • If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
  • See this page for information on configuring the workflow for Webex
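
The expiry check from workflow steps 3 to 5, driven by the Check For Expired Rules and Expiring Soon Time Period variables, as an added Python example (not the workflow's own code). The field names `effectiveEndDateTime` and `timeRangeObjects`, the sample objects, and the treatment of timestamps without an offset as UTC are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (assumed field names, not real FMC output).
TIME_RANGES = [
    {"id": "tr-1", "name": "contractor-window", "effectiveEndDateTime": "2024-01-03T17:00"},
    {"id": "tr-2", "name": "migration-window", "effectiveEndDateTime": "2024-01-12T00:00"},
    {"id": "tr-3", "name": "q1-project", "effectiveEndDateTime": "2024-03-31T23:59"},
    {"id": "tr-4", "name": "open-ended"},  # no end date
]
RULES = [
    {"name": "allow-contractor-vpn", "timeRangeObjects": [{"id": "tr-1"}]},
    {"name": "allow-migration-sync", "timeRangeObjects": [{"id": "tr-2"}]},
    {"name": "allow-q1-vendor", "timeRangeObjects": [{"id": "tr-3"}]},
    {"name": "allow-dns"},  # not time-based
    {"name": "allow-backup", "timeRangeObjects": [{"id": "tr-4"}]},
]

def classify_rules(rules, time_ranges, now, soon_days, check_expired):
    """Return (rule, time range, status, end) tuples, earliest end first."""
    ends = {}  # time-range id -> (name, end), only for ranges that have an end
    for tr in time_ranges:
        raw = tr.get("effectiveEndDateTime")
        if not raw:  # a range without an end date never expires
            continue
        end = datetime.fromisoformat(raw)
        if end.tzinfo is None:  # assumption: naive timestamps are UTC
            end = end.replace(tzinfo=timezone.utc)
        ends[tr["id"]] = (tr["name"], end)
    findings, threshold = [], now + timedelta(days=soon_days)
    for rule in rules:
        for ref in rule.get("timeRangeObjects", []):
            if ref["id"] not in ends:
                continue
            name, end = ends[ref["id"]]
            if end <= now:
                if check_expired:  # Check For Expired Rules
                    findings.append((rule["name"], name, "expired", end))
            elif end <= threshold:  # Expiring Soon Time Period
                findings.append((rule["name"], name, "expiring soon", end))
    return sorted(findings, key=lambda f: f[3])

NOW = datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc)  # fixed clock for the sample
if __name__ == "__main__":
    for rule, tr_name, status, end in classify_rules(RULES, TIME_RANGES, NOW, 7, True):
        print(f"{rule}: {tr_name} {status} ({end.isoformat()})")
```

Rules that reference a time range with no end date are skipped rather than reported, so an open-ended temporary rule will not appear in the Webex message and needs a separate review.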

Targets

Target Group: Default TargetGroup

Note: If your FMC is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use FMC with orchestration.

| Target Name | Type | Details | Account Keys | Notes |
|---|---|---|---|---|
| FMC Target | HTTP Endpoint | Protocol: HTTPS; Host: your-firewall-management-center; Path: api/ | FMC API Credentials | |
| Webex Teams | HTTP Endpoint | Protocol: HTTPS; Host: webexapis.com; Path: None | None | |

Account Keys

| Account Key Name | Type | Details | Notes |
|---|---|---|---|
| FMC API Credentials | HTTP Basic Authentication | Username: FMC Username; Password: FMC Password | Account must have API permissions |