04-24-2017 04:03 PM - edited 03-10-2019 06:49 AM
We have a Firesight manager 6.0.1 and an ASA 5545-X running 9.5(2)5.
We are trying to create a remediation that will add an object to the ACL named "Blacklist".
The object would be the Source IP. I would like it to add the object's name as: Sourcefire-%ipaddress%
I have no experience writing an API for Sourcefire.
Cisco TAC says they do not support Custom APIs and they could not give me any realistic resources on how to write an API.
Are there any resources or tools for creating an API?
Are there any debugging tools that can simulate what the results would be?
Can I trigger the rule against a fake IP to have it log into our firewall via SSH and add the dummy IP as a test? Testing this with live threats appears to be the only way and without guarantees that it will operate as expected, this poses a risk to our environment.
Thank you for your time in advance,
Burton Hallman
04-28-2017 08:08 AM
I would like to inform you that custom API is not supported on Firepower. But there are a few built-in ones to use; please check the link below.
Hope this helps you.
04-28-2017 09:03 AM
I understand that Cisco Support does not support custom remediation modules, but the documentation does seem to show the ability to create custom remediation modules:
http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/remediation/FireSIGHT-System-Remediation-API-Guide/WritingRemedClients.html
This is why I am looking to the Community for Support as Cisco TAC has zero information on how to create a custom remediation module.