On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Microsoft Online Dynamic Object Update (SSE)

Workflow #0071

Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow demonstrates fetching that JSON, reformatting it, and updating a dynamic object group on Cisco Secure Firewall.

There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
This workflow expects the new "SecureX Token" account key. For more information about this, please see this page.

GitHub

Change Log

Date Notes
Sep 7, 2022 - Initial release

See the Important Notes page for more information about updating workflows

Requirements

  • The following system atomics are used by this workflow:
    • Secure Firewall - SSE - Create Dynamic Object Group
    • Secure Firewall - SSE - Get Dynamic Object Group Mappings
    • Secure Firewall - SSE - Update Dynamic Object Group Mappings
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Secure Firewall (software version 7.2 or newer)

Workflow Steps

  1. Get the existing dynamic object group mappings
  2. Check if fetching the mappings succeeded (if not, create a new dynamic object group)
  3. Fetch the JSON from Microsoft and generate a list of records to add and to remove
  4. Check if any records need to be added (if so, add them)
  5. Check if any records need to be removed (if so, remove them)

Configuration

  • Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to https://endpoints.office.com/endpoints/worldwide and copy the URL into the Microsoft Endpoints URL local variable in the workflow
  • Set the Dynamic Object Group Name local variable to the name of the object group you want to update. Note that this group must be created on Firewall Management Center prior to running the workflow
  • Set the Domain UUID to the UUID of the FMC domain you want the workflow to make changes to. If you’re using the default domain, you can leave the default value
  • Set the Device ID to the ID of the device to send the command to in SSE. This can be obtained from the device’s summary page in SSE, the Devices page in the Administration section of SecureX, or by using the “SecureX - SSE Proxy - List Devices” atomic

Targets

Target Name Type Details Account Keys Notes
CTR_API HTTP Endpoint Protocol: HTTPS
Host: visibility.amp.cisco.com
Path: /iroh		 CTR_Credentials Created by default

Account Keys

Account Key Name Type Details Notes
CTR_Credentials SecureX Token   See this page