Cisco Secure is moving forward with Cisco-hosted SecureX Integration Modules, which no longer require Serverless or Docker. Find details in Part 1 of the documentation. If you are moving to the Cisco-hosted version of the Integration Modules, the steps below are not necessary.
Serverless Relay on AWS for SecureX/CTR 3rd Party Modules - Part 1
Serverless Relay on AWS for SecureX/CTR 3rd Party Modules - Part 2
Serverless Relay on AWS for SecureX/CTR 3rd Party Modules - Part 3
Configuring 3rd Party Modules for SecureX Integrations
This section explains how to configure, upload and integrate 3rd Party enrichment modules. Only a few simple steps are needed, and they are similar for all of the modules available on GitHub.
Before we start, let us clone a Template GitHub Repository, because it also includes a Python Script we need later to configure the JWT token.
Step: Download: Update the necessary components using the command: pip install --upgrade --requirement requirements.txt
Note: Always do this step, because some modules may need different libraries to work properly. There will not be any issue with your deployment. The needed components are listed in the requirements.txt file.
Generate the JWT Token
We already downloaded the necessary source. This section describes how to generate all Tokens we need for the SecureX Integration authentication bearer and the AWS SECRET_KEY value.
Note: Some Modules do not need any Authentication Bearer, e.g. the Shodan Module. For those you can skip the JWT Token generation. Always check the specific Module Settings on GitHub.
Step: JWT Token: Generate an API key from the 3rd Party Vendor. Many of them provide community or free APIs which can be used to test the Integration. Follow the steps and guides as outlined there.
Note: In August 2020 we simplified the token generation, so you do not need to copy the jwt_generator.py file any more. All necessary files are already included when cloning the tr-05-serverless-relay code from GitHub and afterwards updating the app.
Execute the following commands to upgrade an existing virtual environment starting in directory /usr/local/SecureX/tr-05-serverless-relay/.
1. Update the local code: git pull
   This updates the requirements.txt file.
2. Install the latest components including the jwt command line tool: pip install --upgrade --requirement requirements.txt
Step: JWT Token: Now let's generate a JWT Token (JSON Web Token), which is needed to authenticate. If you want to know more about this authentication mechanism, take a look at the Documentation. The JWT Token can easily be generated with a single statement.
Switch into the directory: cd /usr/local/SecureX/tr-05-serverless-abuseipdb/
Generate the JWT token using the command: jwt dev
(securex) sh-3.2# pwd
(securex) sh-3.2# jwt dev
Enter: Abuse IPDB API Key: FhFUAjPqS1mRFXUnb09eCXeiq7uSr0azbl2PF0fDcxxxxxxxxxx
Copy the output, you will need the generated tokens later.
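What the generated token pair does, as an added example (not code from the original page or from the Cisco repository): a minimal HS256 JWT minted from the 3rd party API key and checked against SECRET_KEY, using only the Python standard library. The claim name "key", the HS256 algorithm, the function names and the sample values are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret_key: str) -> bytes:
    return hmac.new(secret_key.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(api_key: str, secret_key: str) -> str:
    """Mint the bearer token: {"key": api_key} signed with HS256 (assumed layout)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"key": api_key}).encode())
    return f"{header}.{payload}.{_b64url(_sign(f'{header}.{payload}', secret_key))}"

def peek_payload(token: str) -> dict:
    """Read the claims WITHOUT the secret: a JWT is signed, not encrypted."""
    return json.loads(_unb64url(token.split(".")[1]))

def verify_token(token: str, secret_key: str) -> str:
    """Relay-side check: pin the algorithm, verify the signature, return the API key."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        sig = _unb64url(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")  # rejects e.g. alg "none"
    if not hmac.compare_digest(sig, _sign(f"{header_b64}.{payload_b64}", secret_key)):
        raise PermissionError("bad signature")
    return json.loads(_unb64url(payload_b64))["key"]

if __name__ == "__main__":
    secret_key = secrets.token_urlsafe(32)             # constructed; stored in AWS as SECRET_KEY
    token = make_token("EXAMPLE-API-KEY", secret_key)  # constructed placeholder API key
    print("Bearer token:", token)
    print("Readable without the secret:", peek_payload(token))
    print("Relay recovers:", verify_token(token, secret_key))
```

Because the payload is only base64url-encoded, anyone who obtains the bearer token can read the API key inside it, so store the token and SECRET_KEY with the same care as the API key itself.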
Upload Serverless App to AWS
Now let us upload the Application to AWS:
Step: Upload/Deploy Package: Before uploading the WebApp to AWS, we have to ensure that the s3_Package, which is generated during upload, is unique. To do so, we have to modify the zappa_settings.json file. The easiest way is to add your AWS AccountID to the s3_bucket definition in the zappa_settings.json file.