IPS Alert Enrichment
Workflow #0038
This workflow searches for information about network objects, topology, devices and policies by IP using the Tufin API. The information discovered is uploaded to a file on Microsoft SharePoint and confirmation messages are sent to Microsoft Teams.
Note: The link to download the file posted in Microsoft Teams contains a temporary authentication token and expires an hour after creation.
Change Log
Date | Notes |
---|---|
Jul 30, 2021 | - Initial release |
Sep 7, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
  - None
- The following atomic actions must be imported before you can import this workflow:
  - Microsoft Graph - Get Access Token (CiscoSecurity_Atomics)
  - Microsoft Teams - Post Message via Webhook (CiscoSecurity_Atomics)
  - Microsoft Graph - Upload Text to New File (CiscoSecurity_Atomics)
  - Tufin - Resolve Objects (CiscoSecurity_Atomics)
  - Tufin - Search Topology (CiscoSecurity_Atomics)
  - Tufin - Search Policies (CiscoSecurity_Atomics)
- The targets and account keys listed at the bottom of the page
- A webhook URL for the Microsoft Teams channel to post messages to (see: this page)
- An application registered using the Azure portal. This will allow you to generate the API credentials needed to upload files to SharePoint
- Tufin Orchestration Suite instance
Workflow Steps
- Get network objects information
- Get topology information
- Get devices and policies information
- Get Microsoft Graph access token
- Upload files with information to SharePoint
- Send message with execution status and links to files to Microsoft Teams
Configuration
- To allow the workflow to upload files to Microsoft SharePoint, the following permissions are required on your Azure application:
  - Delegated - Files.ReadWrite, Files.ReadWrite.All, Sites.ReadWrite.All
  - OR
  - Application - Files.ReadWrite.All, Sites.ReadWrite.All
- Set the `Azure Tenant ID` local variable to the ID of your Azure tenant
- Set the `Folder Name` local variable to the name of the folder to upload files to in SharePoint
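A quick way to confirm that the Azure application was granted one of the two permission sets above before running the workflow. This is an added example, not part of the workflow or its atomics. It assumes the Microsoft Graph access token is a JWT whose payload carries delegated permissions in the `scp` claim and application permissions in the `roles` claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permission sets taken from the Configuration section of this page.
DELEGATED_REQUIRED = {"Files.ReadWrite", "Files.ReadWrite.All", "Sites.ReadWrite.All"}
APPLICATION_REQUIRED = {"Files.ReadWrite.All", "Sites.ReadWrite.All"}


def token_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature.

    Troubleshooting aid only: never base a trust decision on unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    # JWT segments are base64url without padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def missing_permissions(token: str) -> dict:
    """Return the required permissions the token lacks, per grant type."""
    claims = token_claims(token)
    delegated = set(claims.get("scp", "").split())   # space-separated string
    application = set(claims.get("roles", []))       # JSON array
    return {
        "delegated": sorted(DELEGATED_REQUIRED - delegated),
        "application": sorted(APPLICATION_REQUIRED - application),
    }


def can_upload(token: str) -> bool:
    # The page lists the two sets as alternatives, so either complete set passes.
    missing = missing_permissions(token)
    return not missing["delegated"] or not missing["application"]


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline checks."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    sample = make_sample_token({"roles": ["Files.ReadWrite.All"]})
    print(can_upload(sample), missing_permissions(sample))
```

An empty list under either key means that grant type is fully covered; a token missing entries under both keys will fail at the SharePoint upload step.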
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Microsoft Graph | HTTP Endpoint | Protocol: HTTPS Host: graph.microsoft.com Path: /v1.0 | None | |
Microsoft Graph Token | HTTP Endpoint | Protocol: HTTPS Host: login.microsoftonline.com Path: None | Microsoft Graph API | |
Microsoft Teams Webhook | HTTP Endpoint | Protocol: HTTPS Host: your-tenant.webhook.office.com Path: /the-rest-of-the-webhook-url | None | |
Tufin Orchestration Suite | HTTP Endpoint | Protocol: HTTPS Host: your-tufin-instance.domain.com Path: None | Tufin Credentials | If using a self-signed certificate, disable certificate validation on the target |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
Tufin Credentials | HTTP Basic Authentication | Username: Tufin Admin Username Password: Tufin Admin Password | |
Microsoft Graph API | HTTP Basic Authentication | Username: Client ID Password: Client Secret | |