On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this GitHub repository will not be actively maintained following this announcement.

IPS Alert Enrichment

Workflow #0038

This workflow searches for information about network objects, topology, devices and policies by IP using the Tufin API. The information discovered is uploaded to a file on Microsoft SharePoint and confirmation messages are sent to Microsoft Teams.

Note: The link to download the file posted in Microsoft Teams contains a temporary authentication token and expires an hour after creation.


Change Log

| Date | Notes |
|------|-------|
| Jul 30, 2021 | Initial release |
| Sep 7, 2022 | Minor updates to naming and descriptions |

See the Important Notes page for more information about updating workflows


Requirements


Workflow Steps

  1. Get network objects information
  2. Get topology information
  3. Get devices and policies information
  4. Get Microsoft Graph access token
  5. Upload files with information to SharePoint
  6. Send message with execution status and links to files to Microsoft Teams

Configuration

  • To allow the workflow to upload files to Microsoft SharePoint the following permissions are required on your Azure application:
    • Delegated - Files.ReadWrite, Files.ReadWrite.All, Sites.ReadWrite.All
    • OR
    • Application - Files.ReadWrite.All, Sites.ReadWrite.All
  • Set the Azure Tenant ID local variable to the ID of your Azure tenant
  • Set the Folder Name local variable to the name of the folder to upload files to in SharePoint
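
Steps 4 to 6 of the workflow, sketched as Python request builders that use the Azure Tenant ID and Folder Name values configured above. This is an added example, not the workflow's own code; the `site_id` parameter, the file names, the plain-text Teams payload and the assumption that the temporary token travels in the download link's query string are illustrative and not taken from this page.

```python
import base64
import json
from urllib.parse import quote, urlencode, urlsplit, urlunsplit

GRAPH_BASE = "https://graph.microsoft.com/v1.0"   # "Microsoft Graph" target
LOGIN_BASE = "https://login.microsoftonline.com"  # "Microsoft Graph Token" target


def build_token_request(tenant_id, client_id, client_secret):
    """Step 4: client-credentials grant; Client ID/Secret sent as HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": f"{LOGIN_BASE}/{quote(tenant_id, safe='')}/oauth2/v2.0/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "client_credentials",
                           "scope": "https://graph.microsoft.com/.default"}),
    }


def build_upload_request(access_token, site_id, folder_name, file_name, content):
    """Step 5: simple upload into the Folder Name folder of the site's drive."""
    # Encode each segment so a name cannot add path separators or query
    # parameters to the Graph URL (site_id is an assumed, trusted value).
    item_path = "/".join(quote(p, safe="") for p in (folder_name, file_name))
    return {
        "method": "PUT",
        "url": f"{GRAPH_BASE}/sites/{site_id}/drive/root:/{item_path}:/content",
        "headers": {"Authorization": f"Bearer {access_token}",
                    "Content-Type": "application/json"},
        "body": json.dumps(content).encode(),
    }


def build_teams_message(status, links):
    """Step 6: webhook payload with execution status and links to the files."""
    lines = [f"IPS Alert Enrichment: {status}"]
    lines += [f"- [{name}]({url})" for name, url in links.items()]
    return {"text": "\n\n".join(lines)}


def redact_link(url):
    """Drop the query string (where the temporary token travels) before logging."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
```

The builders return plain dictionaries, so the requests can be inspected before any HTTP client sends them to the targets listed below.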

Targets

Target Group: Default TargetGroup

| Target Name | Type | Details | Account Keys | Notes |
|-------------|------|---------|--------------|-------|
| Microsoft Graph | HTTP Endpoint | Protocol: HTTPS; Host: graph.microsoft.com; Path: /v1.0 | None | |
| Microsoft Graph Token | HTTP Endpoint | Protocol: HTTPS; Host: login.microsoftonline.com; Path: None | Microsoft Graph API | |
| Microsoft Teams Webhook | HTTP Endpoint | Protocol: HTTPS; Host: your-tenant.webhook.office.com; Path: /the-rest-of-the-webhook-url | None | |
| Tufin Orchestration Suite | HTTP Endpoint | Protocol: HTTPS; Host: your-tufin-instance.domain.com; Path: None | Tufin Credentials | If using a self-signed certificate, disable certificate validation on the target |

Account Keys

| Account Key Name | Type | Details | Notes |
|------------------|------|---------|-------|
| Tufin Credentials | HTTP Basic Authentication | Username: Tufin Admin Username; Password: Tufin Admin Password | |
| Microsoft Graph API | HTTP Basic Authentication | Username: Client ID; Password: Client Secret | |