Re: Firepower URL Object list

Fernandes · ‎05-23-2024

A client asks me for a list which URL's are accessed. It has access to more than 40 URLs. I don't want to manually write them one by one from the URL Object.

Network objects can be seen very easy in the CLI with the (show object-group id xxx) command, but there is no such command for the URL.

Are there options for this in expert mode? How can I do it?

Hardware: FPR-3130

MHM Cisco World · ‎05-23-2024

you can use URL list of SI
check this link

8. Cisco FTD Security Intelligence ( IPs and URLs) - RAYKA (rayka-co.com)

MHM

Sheraz.Salim · ‎05-23-2024

You can use API call and do this work very easily. Only If you are familiar with REST APIs, you can use the FMC API to programmatically retrieve the URLs. Here is an example using Python:

import requests
import json

fmc_server = "https://fmc_server_ip"
username = "your_username"
password = "your_password"

# Disable SSL warnings
requests.packages.urllib3.disable_warnings()

# Get authentication token
auth_url = fmc_server + "/api/fmc_platform/v1/auth/generatetoken"
response = requests.post(auth_url, auth=(username, password), verify=False)
auth_headers = response.headers

# Set headers
headers = {
    "Content-Type": "application/json",
    "X-auth-access-token": auth_headers["X-auth-access-token"]
}

# Get URL objects
url = fmc_server + "/api/fmc_config/v1/domain/default/object/urls"
response = requests.get(url, headers=headers, verify=False)
url_objects = response.json()

# Extract URLs
urls = [obj['url'] for obj in url_objects['items']]
print(urls)

Replace fmc_server_ip, your_username, and your_password with the appropriate values for your FMC server.

If using FDM.

SSH into the FPR-3130:
Open your SSH client and connect to the FPR-3130.

Access Expert Mode:
Enter expert mode by typing the following command

expert

The URL objects are typically stored in configuration files within the system. You can use the grep command to search for URL objects in the configuration files

cd /ngfw/var/sf/
grep -r 'URL_Object_Name' 

Replace URL_Object_Name with the name of your URL object group.

Once you locate the relevant configuration file, you can extract the URLs using a combination of cat and grep or any other text processing tool.

cat path_to_configuration_file | grep 'url'

This should give you a list of URLs within the configuration file.

please do not forget to rate.

Fernandes · ‎05-23-2024

Thank you for your reply.

When typing with admin, it shows "permission denied", and when typing with root, the directory is not found.

What can I do?

Sheraz.Salim · ‎05-23-2024

Let me check in my lab and I shall get back to youi.

please do not forget to rate.

Sheraz.Salim · ‎05-23-2024

Easy way to access it by using Postman API. This link will take you already define API for FMC and This Link for FDM POSTMAN

How to setup postman with FDM or FMC cred Here

and the GET

{{protocol}}://{{hostname}}/api/fmc_config/v1/domain/{{domain_id}}/object/urls?expanded=True&limit=100

please do not forget to rate.

Jon Are Endrerud · ‎05-23-2024

If found that working with URL's, creating a feed that can be pulled from a HTTPS with md5 (optional) works great. Then firepower pulls the list and checks agains't it. Easy to add new, and remove old ones.

Please rate as helpful, if that would be the case. Thanx

MHM Cisco World · ‎05-23-2024

I suggest this to him' but he want to try other methods.

MHM

Jon Are Endrerud · ‎05-23-2024

Saw it now, it the best way to go.

Please rate as helpful, if that would be the case. Thanx