cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Firepower integration with ASA

bhallman
Beginner
Beginner

We have a Firesight manager 6.0.1 and an ASA 5545-X running 9.5(2)5.

We are trying to create a remediation that will add an object to the ACL named "Blacklist"

The object would be the Source IP. I would like it to add the objects name as: Sourcefire-%ipaddress%

I have no experience writing an API for Sourcefire.

Cisco TAC says they do not support Custom APIs and they could not give me any realistic resources on how to write an API.

Are there any resources or tools for creating an API?

Are there any debugging tools that can simulate what the results would be?

Can I trigger the rule against a fake IP to have it log into our firewall via SSH and add the dummy IP as a test? Testing this with live threats appears to be the only way and without guarantees that it will operate as expected, this poses a risk to our environment.

Thank you for your time in advance,

Burton Hallman

1 ACCEPTED SOLUTION

Accepted Solutions

Ravi Singh
Rising star
Rising star

I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01100000.html

Hope this help you

View solution in original post

2 REPLIES 2

Ravi Singh
Rising star
Rising star

I would like to inform you that custom API is not supported on Firepower. But there are few builtin to use please check the below link

http://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/fpmc-config-guide-v60_chapter_01100000.html

Hope this help you

I understand the Cisco Support does not support custom remediation modules, but the documentation does seem to show the ability to create custom remediation modules:

http://www.cisco.com/c/en/us/td/docs/security/firesight/540/api/remediation/FireSIGHT-System-Remediation-API-Guide/WritingRemedClients.html

This is why I am looking to the Community for Support as Cisco TAC has zero information on how to create a custom remediation module.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: