SecureX Orchestrator Atomic Actions for Cisco Defense Orchestrator (CDO)

NOTE: Some atomic actions in this repository use CDO's REST API rather than the official GraphQL-based Public API. Although the REST API is not an officially supported way to interact with CDO programmatically, its endpoints are the same ones the CDO GUI uses and are therefore considered stable and suitable for use, especially in cases where the GraphQL-based Public API may not support certain methods.

In this repository, you'll find the following atomics:

Purpose: This atomic action makes use of CDO's REST API to run a CLI command on an ASA

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the ASA's UID and the command to run as inputs
  4. The output of this atomic action is the CLI response of the command as seen on the device

Purpose: This atomic action makes use of CDO's REST API to create an Access List on CDO with an associated Network Object Group

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply Input Variables (all variables have descriptions in-line)
  4. Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID of the Access Group created)
  5. The output of this atomic action is the UID of the Access Group created

Purpose: This atomic action makes use of CDO's REST API to delete unused Object Groups on CDO by their UIDs

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply a comma-separated list of UIDs of objects to delete - ensure these objects are not already associated with any devices
  4. If this atomic action runs successfully, a successful response was received from CDO

Purpose: This atomic action makes use of CDO's REST API to launch a deployment job on CDO

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the device UID of a device with one or more staged changes
  4. The output of this atomic action is the UID of the CDO job launched

Purpose: This atomic action makes it possible to use GraphQL with SXO's Web Service Adapter

Steps to use:

  1. Create a target https://edge.us.cdo.cisco.com
  2. Input CDO API Token to this workflow
  3. Supply GraphQL query from API docs

Purpose: This atomic action makes it possible to use GraphQL to retrieve an Object Group's UID given its name with SXO's Web Service Adapter

Steps to use:

  1. Create a target https://edge.us.cdo.cisco.com
  2. Input CDO API Token to this workflow
  3. Supply the name of the object group to search for (by default, only the first match is returned)
  4. The output of this atomic action is the UID of the object group

Purpose: This atomic action makes use of CDO's REST API to monitor a deployment job on CDO

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the job UID as input (optional)
  4. The output of this atomic action is the status of a job on CDO. If no job UID is supplied, the output is the overall status of all jobs on CDO.

Purpose: This atomic action makes it possible to use GraphQL to create a new object group on CDO with SXO's Web Service Adapter

Steps to use:

  1. Create a target https://edge.us.cdo.cisco.com
  2. Input CDO API Token
  3. Supply input variables
  4. Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
  5. The output of this atomic action is the UID of the object group created

Purpose: This atomic action makes use of CDO's REST API to create a new service object on CDO

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the protocol, object name, description, source/destination ports for the service object as applicable
  4. The output of this atomic action is the UID of the Service Object created

Purpose: This atomic action makes it possible to use GraphQL to query devices by either name, IP address, serial, or interfaces with SXO's Web Service Adapter

Steps to use:

  1. Create a target https://edge.us.cdo.cisco.com
  2. Input CDO API Token
  3. Supply Search Term
  4. Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
  5. The Output of this workflow is a list of Device UIDs (could be one or more based on search term)

Purpose: This atomic action makes use of CDO's REST API to terminate VPN sessions across all devices given a User's ID

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the User's ID input
  4. Successful execution of this atomic action indicates successful termination of VPN sessions for the given User ID

Purpose: This atomic action makes it possible to use GraphQL to update an object group on CDO with SXO's Web Service Adapter.

Steps to use:

  1. Create a target https://edge.us.cdo.cisco.com
  2. Input CDO API Token
  3. Supply input variables
  4. Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
  5. The output of this atomic action is a comma-separated string of UIDs of all affected devices that are mapped to the updated object group

Purpose: This atomic action makes use of CDO's REST API to update an existing object group on CDO. Use only in case there are issues with updating the object group via the GraphQL atomic.

NOTE: This atomic will replace/overwrite all parameters. If you wish to append to existing configuration, you must include existing configuration in your input to this atomic.

Steps to use:

  1. Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
  2. Input CDO API Token to this workflow
  3. Supply the UID of Object Group to update and other parameters as applicable (CIDR List, Name, Description)
  4. The output of this atomic action is a comma-separated string of UIDs of all affected devices that are mapped to the updated object group
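
Because this atomic overwrites every parameter, an append has to be submitted as the full merged configuration. The following is an added example, not code from this repository: it builds that merged input from the group's current values plus the new CIDRs. The dictionary keys (`name`, `description`, `cidrs`), the comma-separated CIDR format, and the catch-all guard are assumptions for illustration; no CDO API call is made.

```python
import ipaddress


def parse_cidr_list(text):
    """Split a comma-separated CIDR string and validate each entry."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24,
        # which usually indicates a typo in the supplied range.
        nets.append(ipaddress.ip_network(item, strict=True))
    return nets


def build_replacement(existing, additions, name=None, description=None):
    """Return the complete parameter set to submit when appending CIDRs.

    `existing` holds the object group's current values (hypothetical keys).
    Anything not explicitly changed is carried over, so the overwrite does
    not silently drop it.
    """
    merged, seen = [], set()
    for net in parse_cidr_list(existing["cidrs"]) + parse_cidr_list(additions):
        # Added guard (assumption): never push a match-everything network.
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all network {net}")
        if net not in seen:  # de-duplicate while keeping the original order
            seen.add(net)
            merged.append(net)
    return {
        "name": existing["name"] if name is None else name,
        "description": existing["description"] if description is None else description,
        "cidrs": ",".join(str(n) for n in merged),
    }


# Constructed sample data (documentation address ranges).
SAMPLE_GROUP = {
    "name": "blocklist",
    "description": "IR blocklist",
    "cidrs": "203.0.113.0/24, 198.51.100.7/32",
}

if __name__ == "__main__":
    print(build_replacement(SAMPLE_GROUP, "192.0.2.0/28,203.0.113.0/24"))
```
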

Contributors:

  1. Aman Sardana
  2. Anant Nambiar

Cisco CX Managed Services - Operate, May 2021