Get Expiring Rules (SSE)
Workflow #0074
This workflow searches up to 500 Cisco Secure Firewall Management Center access policies for time-based rules whose time range ends within the configured expiry threshold. If soon-to-expire rules are found (and, if enabled, rules that have already expired), a message with the rule details is posted to a Webex room. Policies beyond the first 500 are not checked.
There are two different ways to integrate Secure Firewall with orchestration. For more information about these two methods and which to use, please see this page.
This workflow expects the new "SecureX Token" account key. For more information about this, please see this page.
Change Log
Date | Notes |
---|---|
Sep 7, 2022 | - Initial release |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- SecureX - SSE Proxy - Send Request
- Webex - Post Message to Room
- Webex - Search for Room
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed below
- Cisco Secure Firewall
- Cisco Webex
Workflow Steps
- Validate required settings and fetch the Webex room ID
- Get time-range objects
- Get access policies
- For each policy:
- Check each rule for time-based objects
- If time-based objects are found in rule:
- Calculate the expiry time and append to the workflow output as needed
- Finalize the output of the workflow based on what was found
- Post message to Webex
Configuration
- Set the "Check For Expired Rules" local variable to true or false depending on whether you also want rules that have already expired to be reported
- Set the "Expiring Soon Time Period" local variable to the number of days to use as the threshold for considering a rule to be expiring soon. For example, if you set this to 7, any rule whose time range ends within the next 7 days is reported as "expiring soon"
- Set the "Secure Firewall Management Center URL" to the base URL of your FMC portal. For example: https://securefirewall.yourcompany.com
- Set the "Domain UUID" to the UUID of the FMC domain you want the workflow to search. If you're using the default domain, you can leave the default value
- Set the "Device ID" to the ID of the device to send the command to in SSE. This can be obtained from the device's summary page in SSE, the Devices page in the Administration section of SecureX, or by using the "SecureX - SSE Proxy - List Devices" atomic
- If you want the workflow to run on a schedule, you need to create a schedule and then add it as a trigger within the workflow
- See this page for information on configuring the workflow for Webex
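The expiry logic described in the Workflow Steps and driven by the "Check For Expired Rules" and "Expiring Soon Time Period" settings above can be reproduced outside the orchestration engine, which is useful for testing a threshold before scheduling the workflow or for checking an FMC that is not enrolled in SSE. The following is an added example and not code from the workflow or from Cisco: it runs the same classification over constructed sample data. The object shapes (timerange objects with effectiveEndDateTime, access rules with a timeRangeObjects list) are modelled on the FMC REST API but are an assumption here and should be checked against your FMC version; the fixed "now" timestamp and all rule and range names are constructed for the example.

```python
"""Classify FMC access rules by time-range expiry (added example, not workflow code).

Mirrors the workflow steps "Check each rule for time-based objects" and
"Calculate the expiry time" in plain Python. Field names follow the FMC
REST API as an assumption; verify them against your FMC version.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample data, shaped like
# GET /api/fmc_config/v1/domain/{domainUUID}/object/timeranges?expanded=true
TIME_RANGES = [
    {"id": "tr-1", "name": "Contractor-Access", "effectiveEndDateTime": "2022-09-10T23:59:00"},
    {"id": "tr-2", "name": "Migration-Window", "effectiveEndDateTime": "2022-08-30T17:00:00"},
    {"id": "tr-3", "name": "Long-Term", "effectiveEndDateTime": "2023-01-01T00:00:00"},
    {"id": "tr-4", "name": "Business-Hours-Only"},  # recurring range, no end date
]

# Constructed sample rules, shaped like
# GET .../policy/accesspolicies/{policyId}/accessrules?expanded=true
ACCESS_RULES = [
    {"name": "Allow contractors", "timeRangeObjects": [{"id": "tr-1"}]},
    {"name": "Temp migration", "timeRangeObjects": [{"id": "tr-2"}]},
    {"name": "Partner VPN", "timeRangeObjects": [{"id": "tr-3"}]},
    {"name": "Office hours", "timeRangeObjects": [{"id": "tr-4"}]},
    {"name": "Permanent deny", "timeRangeObjects": []},
]

# Fixed reference time for the example so results are reproducible.
SAMPLE_NOW = datetime(2022, 9, 7, 12, 0, tzinfo=timezone.utc)


def parse_fmc_time(value):
    """FMC emits times without a zone suffix; this example treats them as UTC (assumption)."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def classify_rules(rules, time_ranges, now, expiring_soon_days=7, check_expired=True):
    """Return [(rule_name, range_name, status, end_time)] for rules whose range ends.

    status is "expired" (end already passed; reported only when check_expired
    is True, like the "Check For Expired Rules" variable) or "expiring soon"
    (end within expiring_soon_days, the "Expiring Soon Time Period" variable).
    Rules with no time range, a recurring range without an end date, or an
    end beyond the threshold are skipped, matching the workflow's
    "append to the output as needed".
    """
    ranges_by_id = {tr["id"]: tr for tr in time_ranges}
    threshold = now + timedelta(days=expiring_soon_days)
    findings = []
    for rule in rules:
        for ref in rule.get("timeRangeObjects", []):
            tr = ranges_by_id.get(ref["id"])
            if tr is None or "effectiveEndDateTime" not in tr:
                continue
            end = parse_fmc_time(tr["effectiveEndDateTime"])
            if end < now:
                if check_expired:
                    findings.append((rule["name"], tr["name"], "expired", end))
            elif end <= threshold:
                findings.append((rule["name"], tr["name"], "expiring soon", end))
    return findings


def format_report(findings, now):
    """Build the plain-text body the workflow would post to Webex."""
    if not findings:
        return "No expired or expiring time-based rules found."
    lines = []
    for rule, rng, status, end in sorted(findings, key=lambda f: f[3]):
        days = (end - now).days
        lines.append(f"{status.upper()}: rule '{rule}' (time range '{rng}') "
                     f"ends {end:%Y-%m-%d %H:%M} UTC ({days:+d} days)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(classify_rules(ACCESS_RULES, TIME_RANGES, SAMPLE_NOW), SAMPLE_NOW))
```

A rule can carry more than one time range, so the example reports each ending range separately rather than collapsing them into one status per rule; whether a rule with several ranges is still active when only one of them has ended depends on how FMC evaluates multiple ranges, and the report leaves that judgement to the reader.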
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
CTR_API | HTTP Endpoint | Protocol: HTTPS; Host: visibility.amp.cisco.com; Path: /iroh | CTR_Credentials | Created by default |
Webex Teams | HTTP Endpoint | Protocol: HTTPS; Host: webexapis.com; Path: None | None | |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
CTR_Credentials | SecureX Token | See this page |