05-23-2024 01:12 AM
A client asks me for a list which URL's are accessed. It has access to more than 40 URLs. I don't want to manually write them one by one from the URL Object.
Network objects can be seen very easy in the CLI with the (show object-group id xxx) command, but there is no such command for the URL.
Are there options for this in expert mode? How can I do it?
Hardware: FPR-3130
05-23-2024 01:27 AM
you can use URL list of SI
check this link
8. Cisco FTD Security Intelligence ( IPs and URLs) - RAYKA (rayka-co.com)
MHM
05-23-2024 02:29 AM - edited 05-23-2024 02:30 AM
You can use API call and do this work very easily. Only If you are familiar with REST APIs, you can use the FMC API to programmatically retrieve the URLs. Here is an example using Python:
import requests
import json
fmc_server = "https://fmc_server_ip"
username = "your_username"
password = "your_password"
# Disable SSL warnings
requests.packages.urllib3.disable_warnings()
# Get authentication token
auth_url = fmc_server + "/api/fmc_platform/v1/auth/generatetoken"
response = requests.post(auth_url, auth=(username, password), verify=False)
auth_headers = response.headers
# Set headers
headers = {
"Content-Type": "application/json",
"X-auth-access-token": auth_headers["X-auth-access-token"]
}
# Get URL objects
url = fmc_server + "/api/fmc_config/v1/domain/default/object/urls"
response = requests.get(url, headers=headers, verify=False)
url_objects = response.json()
# Extract URLs
urls = [obj['url'] for obj in url_objects['items']]
print(urls)
Replace fmc_server_ip, your_username, and your_password with the appropriate values for your FMC server.
If using FDM.
SSH into the FPR-3130:
Open your SSH client and connect to the FPR-3130.
Access Expert Mode:
Enter expert mode by typing the following command
expert
The URL objects are typically stored in configuration files within the system. You can use the grep command to search for URL objects in the configuration files
cd /ngfw/var/sf/
grep -r 'URL_Object_Name'
Replace URL_Object_Name with the name of your URL object group.
Once you locate the relevant configuration file, you can extract the URLs using a combination of cat and grep or any other text processing tool.
cat path_to_configuration_file | grep 'url'
This should give you a list of URLs within the configuration file.
05-23-2024 03:36 AM
Thank you for your reply.
When typing with admin, it shows "permission denied", and when typing with root, the directory is not found.
What can I do?
05-23-2024 05:01 AM
Let me check in my lab and I shall get back to youi.
05-23-2024 06:16 AM
Easy way to access it by using Postman API. This link will take you already define API for FMC and This Link for FDM POSTMAN
How to setup postman with FDM or FMC cred Here
and the GET
05-23-2024 06:53 AM
If found that working with URL's, creating a feed that can be pulled from a HTTPS with md5 (optional) works great. Then firepower pulls the list and checks agains't it. Easy to add new, and remove old ones.
05-23-2024 06:56 AM
I suggest this to him' but he want to try other methods.
MHM
05-23-2024 06:58 AM
Saw it now, it the best way to go.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide