API For Adding/Removing Snort Signatures and Indicators
05-06-2019 09:07 AM - edited 02-21-2020 09:06 AM
Hello,
Is there a REST API (e.g. for Firepower Management Console, etc.) that will allow you to add/remove custom Snort signatures/IDS rules on a Firepower IDS? What about IPs to detect/block on? The closest I found was "PUT Indicator" for the Firepower Management Center REST API: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/api/REST/Firepower_Management_Center_REST_API_Quick_Start_Guide_640/Objects_In_The_REST_API.html#reference_lmt_2xf_bcb
I wasn't sure though what exactly that did, and I could not find anything like that related to Snort.
Thanks in advance!
Labels: Other Network Security Topics
05-30-2019 12:47 PM
I have been looking to solve for this as well. I found that if you know the UUID of the signature, you can perform a GET and you receive some info.
GET successful. Response data -->
{
  "description": "GID: 1, SID: 978",
  "id": "e7e162f5-aee8-4ec1-93a1-4ec5483f15d3",
  "links": {
    "self": "https://x.x.x.x/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/e7e162f5-aee8-4ec1-93a1-4ec5483f15d3"
  },
  "metadata": {
    "domain": {
      "id": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
      "name": "Global",
      "type": "domain"
    },
    "lastUser": {
      "id": "68d03c42-d9bd-11dc-89f2-b7961d42c462",
      "name": "admin",
      "type": "user"
    },
    "readOnly": {
      "state": false
    },
    "timestamp": 1557266680
  },
  "name": "\"SERVER-IIS ASP contents view\"",
  "type": "idsrule"
}
I plan to explore this further when time allows. Please share any progress you may have made on this matter.
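Added example, not part of the original posts and not Cisco code: a small Python parser that turns "idsrule" response bodies like the one above into a (GID, SID) to UUID index, so a rule can be looked up by its Snort ID. It assumes every rule object carries the "GID: n, SID: n" description and the quote-wrapped name seen in that single response; the function names and the trimmed sample are constructed for illustration.

```python
import json
import re

# Constructed sample: a trimmed copy of the response body shown in the post above.
SAMPLE = r'''
{
  "description": "GID: 1, SID: 978",
  "id": "e7e162f5-aee8-4ec1-93a1-4ec5483f15d3",
  "name": "\"SERVER-IIS ASP contents view\"",
  "type": "idsrule"
}
'''

# Assumption: the description field always has this shape (seen in one response only).
DESC_RE = re.compile(r"GID:\s*(\d+)\s*,\s*SID:\s*(\d+)")


def parse_idsrule(body):
    """Return uuid, gid, sid and message for one idsrule object (JSON text or dict)."""
    obj = json.loads(body) if isinstance(body, str) else body
    if obj.get("type") != "idsrule":
        raise ValueError(f"unexpected object type: {obj.get('type')!r}")
    match = DESC_RE.search(obj.get("description", ""))
    if match is None:
        raise ValueError("description does not carry 'GID: n, SID: n'")
    name = obj.get("name", "")
    # The name arrives wrapped in literal double quotes; strip exactly one pair.
    if len(name) >= 2 and name[0] == name[-1] == '"':
        name = name[1:-1]
    return {"uuid": obj["id"], "gid": int(match.group(1)),
            "sid": int(match.group(2)), "msg": name}


def index_by_sid(bodies):
    """Map (gid, sid) -> rule record, skipping bodies that are not parsable rules."""
    index = {}
    for body in bodies:
        try:
            rule = parse_idsrule(body)
        except (ValueError, KeyError):
            continue  # not an idsrule, or missing the fields this parser relies on
        index[(rule["gid"], rule["sid"])] = rule
    return index


if __name__ == "__main__":
    print(index_by_sid([SAMPLE]))
```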
