cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Getting the most out of the Firepower System with APIs

630
Views
0
Helpful
0
Comments
Cisco Employee

Take advantage of Firepower’s most powerful, and well documented context-rich APIs to allow the exchange of network and endpoint security events, data, and host information. With these APIs, you can automate repetitive tasks for consistency and to avoid user errors, do configuration management automation, and automate mass deployments that need faster rollout of changes with a higher degree of consistency.

The DevNet Firepower page contains all the resources such as videos, documentation, and learnings labs to get you started with programming and to get the most out of your Firepower environment. The DevNet Firepower page is categorized as follows:

  • The Firepower Management Center (FMC) APIs allow the exchange of network and endpoint security events, data, and host information. The FMC APIs include:

eStreamer

The Cisco Event Streamer (also known as eStreamer) allows you to stream Firepower System events to external client applications. You can stream host, discovery, correlation, compliance white list, intrusion, user activity, file, malware, and connection data from a Management Center. For more information, see the eStreamer Integration Guide for 6.3.0.

Database Access

The Firepower System database access feature allows you to query intrusion, discovery, user activity, correlation, connection, vulnerability, and application and URL statistics database tables on a Cisco Firepower Management Center, using a third-party client that supports JDBC SSL connections. For more information, see the Database Access Guide for 6.3.0.

Host Input

The Firepower Management Center Host Input API provides a tool for importing data from other sources on your network to augment the monitored host information. For more information, see the Host Input API Guide for 6.0.

Remediation

The Firepower System Remediation API allows you to create remediations that your Firepower Management Center can automatically launch when conditions on your network violate the associated correlation policy. For more information, see the Firepower System Remediation API Guide for 6.0.

REST

The REST API is an application programming interface (API), based on “RESTful” principles, which you can quickly enable on any Firepower Management Center running version 6.1 or higher, and use with a REST client. You can use the REST APIs over HTTPS, and the REST API uses JavaScript Object Notation (JSON) format to represent objects. For more information, see the Firepower Management Center REST API Quick Start Guide for 6.3.0.

  • The Firepower Threat Defense (FTD) REST APIs help you to automate configuration management and execution of operational tasks on FTD devices. You can use the FTD REST APIs over HTTPS to interact with an FTD device through a client program. The REST API uses JavaScript Object Notation (JSON) format to represent objects. For more information, see the Cisco Firepower Threat Defense REST API Guide.
  • The FXOS Firepower Chassis Manager REST APIs includes both Platform and Firepower Chassis Services RESTful APIs. With these APIs, you can configure and monitor the platform and Firepower Chassis Services. These APIs are solely for Platform services provided by Firepower eXtensible OS. For more information, see the Cisco Firepower Chassis Manager REST API Reference.
  • Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices.

Want to delve deep? Visit the Firepower programming knowledge hub at https://developer.cisco.com/firepower/. And, for detailed documentation on the programming guides, visit https://www.cisco.com/c/en/us/support/security/defense-center/products-programming-reference-guides-list.html.