Microsoft Online Dynamic Object Update (SSE)
Workflow #0071
Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow demonstrates fetching that JSON, reformatting it, and updating a dynamic object group on Cisco Secure Firewall.
There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
This workflow expects the new "SecureX Token" account key. For more information about this, please see this page.
Change Log
Date | Notes |
---|---|
Sep 7, 2022 | - Initial release |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Secure Firewall - SSE - Create Dynamic Object Group
- Secure Firewall - SSE - Get Dynamic Object Group Mappings
- Secure Firewall - SSE - Update Dynamic Object Group Mappings
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Secure Firewall (software version 7.2 or newer)
Workflow Steps
- Get the existing dynamic object group mappings
- Check if fetching the mappings succeeded (if not, create a new dynamic object group)
- Fetch the JSON from Microsoft and generate a list of records to add and to remove
- Check if any records need to be added (if so, add them)
- Check if any records need to be removed (if so, remove them)
Configuration
- Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to
https://endpoints.office.com/endpoints/worldwide
and copy the URL into theMicrosoft Endpoints URL
local variable in the workflow - Set the
Dynamic Object Group Name
local variable to the name of the object group you want to update. Note that this group must be created on Firewall Management Center prior to running the workflow - Set the
Domain UUID
to the UUID of the FMC domain you want the workflow to make changes to. If you’re using the default domain, you can leave the default value - Set the
Device ID
to the ID of the device to send the command to in SSE. This can be obtained from the device’s summary page in SSE, the Devices page in the Administration section of SecureX, or by using the “SecureX - SSE Proxy - List Devices” atomic
Targets
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
CTR_API | HTTP Endpoint | Protocol: HTTPS Host: visibility.amp.cisco.com Path: /iroh | CTR_Credentials | Created by default |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
CTR_Credentials | SecureX Token | See this page |