diff --git a/plugins/cisco_firepower_management_center/.CHECKSUM b/plugins/cisco_firepower_management_center/.CHECKSUM
index 7f36bce2ec..64612641ea 100644
--- a/plugins/cisco_firepower_management_center/.CHECKSUM
+++ b/plugins/cisco_firepower_management_center/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "9252776426fc87768ecdc4b2542a579c",
- "manifest": "e9474d1c632c9ffd9821c73fb4287772",
- "setup": "e5a4528a7b547465941e8bcf9a2e1865",
+ "spec": "774ec03d980ddd7c2fb6eb19444a6e54",
+ "manifest": "8686336471e7ed58bc3ffc89ee013259",
+ "setup": "5e29d63e7a3bbaf0287f36401d3a3707",
 "schemas": [
 {
 "identifier": "add_address_to_group/schema.py",
diff --git a/plugins/cisco_firepower_management_center/Dockerfile b/plugins/cisco_firepower_management_center/Dockerfile
index 130dcaffa0..b6d34c16ed 100755
--- a/plugins/cisco_firepower_management_center/Dockerfile
+++ b/plugins/cisco_firepower_management_center/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:5
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.2
 LABEL organization=rapid7
 LABEL sdk=python
@@ -12,7 +12,7 @@ RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 ADD . /python/src
-RUN python setup.py build && python setup.py install
+RUN python setup.py build && python setup.py install
 # User to run plugin code. The two supported users are: root, nobody
 USER root
diff --git a/plugins/cisco_firepower_management_center/bin/icon_cisco_firepower_management_center b/plugins/cisco_firepower_management_center/bin/icon_cisco_firepower_management_center
index d5aca42f51..d4ae90ff0e 100755
--- a/plugins/cisco_firepower_management_center/bin/icon_cisco_firepower_management_center
+++ b/plugins/cisco_firepower_management_center/bin/icon_cisco_firepower_management_center
@@ -6,7 +6,7 @@ from sys import argv
 Name = "Cisco Firepower Management Center"
 Vendor = "rapid7"
-Version = "2.1.2"
+Version = "2.1.3"
 Description = "This plugin utilizes Cisco Firepower Management Center to create URL block policies and manage address objects to block hosts"
diff --git a/plugins/cisco_firepower_management_center/help.md b/plugins/cisco_firepower_management_center/help.md
index 49637c0189..b2b17b904e 100644
--- a/plugins/cisco_firepower_management_center/help.md
+++ b/plugins/cisco_firepower_management_center/help.md
@@ -15,26 +15,26 @@ In this example, adding an address object to a group attached to a deny-all rule
 * Cisco Firepower Management Center username and password
 # Supported Product Versions
-
+
 * 6.6.0
 # Documentation
 ## Setup
-
+
 The connection configuration accepts the following parameters:
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|certificate|bytes|None|True|Base64-encoded certificate in PKCS12 format to authenticate with the host input API|None|VGhpcyBpcyBhIHNhbXBsZSBiYXNlNjQtZW5jb2RlZCBjZXJ0aWZpY2F0ZSB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgaG9zdCBpbnB1dCBBUEku|
-|certificate_passphrase|credential_secret_key|None|True|The passphrase to access the certificate|None|passphrase|
-|domain|string|Global|False|Cisco FirePower Management Center Domain|None|Global|
-|host_input_port|integer|8307|False|The port number for the provided host used in the Host Input API calls|None|8307|
-|port|integer|443|False|The port number for provided host|None|443|
-|server|string|None|False|Enter the address for the server|None|www.example.com|
-|ssl_verify|boolean|True|False|Validate TLS / SSL certificate|None|True|
-|username_and_password|credential_username_password|None|True|Cisco username and password|None|{"username":"user1", "password":"mypassword"}|
-
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|certificate|bytes|None|True|Base64-encoded certificate in PKCS12 format to authenticate with the host input API|None|VGhpcyBpcyBhIHNhbXBsZSBiYXNlNjQtZW5jb2RlZCBjZXJ0aWZpY2F0ZSB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgaG9zdCBpbnB1dCBBUEku|None|None|
+|certificate_passphrase|credential_secret_key|None|True|The passphrase to access the certificate|None|passphrase|None|None|
+|domain|string|Global|False|Cisco FirePower Management Center Domain|None|Global|None|None|
+|host_input_port|integer|8307|False|The port number for the provided host used in the Host Input API calls|None|8307|None|None|
+|port|integer|443|False|The port number for provided host|None|443|None|None|
+|server|string|None|False|Enter the address for the server|None|www.example.com|None|None|
+|ssl_verify|boolean|True|False|Validate TLS / SSL certificate|None|True|None|None|
+|username_and_password|credential_username_password|None|True|Cisco username and password|None|{"username":"user1", "password":"mypassword"}|None|None|
+
 Example input:
 ```
@@ -59,15 +59,15 @@ Example input:
 #### Add Address to Group
-
+
 This action is used to adds an existing address object to a group
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|address|string|None|True|Name of address object|None|MaliciousHost|
-|group|string|None|True|Name of address group to add the address to|None|MaliciousAddressGroup|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|address|string|None|True|Name of address object|None|MaliciousHost|None|None|
+|group|string|None|True|Name of address group to add the address to|None|MaliciousAddressGroup|None|None|
 Example input:
@@ -129,15 +129,15 @@ Example output:
 ```
 #### Add Scan Result
-
+
 This action is used to add a scan result from a third-party vulnerability scanner
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|operation|string|None|True|The operation to be performed when adding scan results. ScanFlush to remove existing scan results or ScanUpdate to keep existing scan results|["ScanUpdate", "ScanFlush"]|ScanUpdate|
-|scan_result|scan_result|None|False|The host scan result to be added|None|{"host": {"ip_address": "0.0.0.164", "operating_system": {"name": "Ubuntu", "vendor": "Canonical", "version": "16.04"}}, "scan_result_details": {"description": "Example description", "protocol_id": "6", "scanner_id": "ProductZImport", "source_id": "ProductZ", "vulnerability_id": "943387", "vulnerability_title": "Virus Wire 0"}}|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|operation|string|None|True|The operation to be performed when adding scan results. ScanFlush to remove existing scan results or ScanUpdate to keep existing scan results|["ScanUpdate", "ScanFlush"]|ScanUpdate|None|None|
+|scan_result|scan_result|None|False|The host scan result to be added|None|{"host": {"ip_address": "0.0.0.164", "operating_system": {"name": "Ubuntu", "vendor": "Canonical", "version": "16.04"}}, "scan_result_details": {"description": "Example description", "protocol_id": "6", "scanner_id": "ProductZImport", "source_id": "ProductZ", "vulnerability_id": "943387", "vulnerability_title": "Virus Wire 0"}}|None|None|
 Example input:
@@ -182,16 +182,16 @@ Example output:
 ```
 #### Block URL Policy
-
+
 This action is used to create a new block URL policy
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|access_policy|string|None|True|Name for the access policy to be created|None|Example Access Policy|
-|rule_name|string|None|True|Name for the access rule to be created|None|Example Access Rule|
-|url_objects|[]url_object|None|True|URL objects to block|None|[{'name': 'example_url', 'url': 'https://example.com'}]|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|access_policy|string|None|True|Name for the access policy to be created|None|Example Access Policy|None|None|
+|rule_name|string|None|True|Name for the access rule to be created|None|Example Access Rule|None|None|
+|url_objects|[]url_object|None|True|URL objects to block|None|[{'name': 'example_url', 'url': 'https://example.com'}]|None|None|
 Example input:
@@ -218,15 +218,15 @@ Example output:
 ```
 #### Bulk Add Scan Result
-
+
 This action is used to add scan results from a third-party vulnerability scanner
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|operation|string|None|True|The operation to be performed when adding scan results. ScanFlush to remove existing scan results or ScanUpdate to keep existing scan results|["ScanUpdate", "ScanFlush"]|ScanUpdate|
-|scan_results|[]scan_result|None|False|Host scan results to be added|None|[{"host": {"ip_address": "0.0.0.164", "operating_system": {"name": "Ubuntu", "vendor": "Canonical", "version": "16.04"}}, "scan_result_details": {"description": "Example description", "protocol_id": "6", "scanner_id": "ProductZImport", "source_id": "ProductZ", "vulnerability_id": "943387", "vulnerability_title": "Virus Wire 0"}}]|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|operation|string|None|True|The operation to be performed when adding scan results. ScanFlush to remove existing scan results or ScanUpdate to keep existing scan results|["ScanUpdate", "ScanFlush"]|ScanUpdate|None|None|
+|scan_results|[]scan_result|None|False|Host scan results to be added|None|[{"host": {"ip_address": "0.0.0.164", "operating_system": {"name": "Ubuntu", "vendor": "Canonical", "version": "16.04"}}, "scan_result_details": {"description": "Example description", "protocol_id": "6", "scanner_id": "ProductZImport", "source_id": "ProductZ", "vulnerability_id": "943387", "vulnerability_title": "Virus Wire 0"}}]|None|None|
 Example input:
@@ -273,16 +273,16 @@ Example output:
 ```
 #### Check if Address in Group
-
+
 This action is used to checks if provided Address Object name or host exists in the Address Group
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|address|string|None|True|Address Object name, or IP, CIDR, or domain name when Enable Search is on|None|MaliciousHost|
-|enable_search|boolean|False|False|When enabled, the Address input will accept an IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name|None|False|
-|group|string|None|True|Name of address group to check|None|MaliciousAddressGroup|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|address|string|None|True|Address Object name, or IP, CIDR, or domain name when Enable Search is on|None|MaliciousHost|None|None|
+|enable_search|boolean|False|False|When enabled, the Address input will accept an IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name|None|False|None|None|
+|group|string|None|True|Name of address group to check|None|MaliciousAddressGroup|None|None|
 Example input:
@@ -342,17 +342,17 @@ Example output:
 ```
 #### Create Address Object
-
+
 This action is used to creates a new address object
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|address|string|None|True|IP address, CIDR IP address, or domain name to assign to the Address Object|None|example.com|
-|address_object|string|None|False|Name of the address object, defaults to the value address in the address field if no name is given|None|MaliciousHost|
-|skip_private_address|boolean|None|True|If set to true, any addresses that are defined in the RFC1918 space will not be blocked. e.g. 10/8, 172.16/12, 192.168/16|None|True|
-|whitelist|[]string|None|False|This list contains a set of hosts that should not be blocked. This can include IP addresses, CIDR IP addresses, and domains|None|["198.51.100.100", "192.0.2.0/24", "example.com"]|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|address|string|None|True|IP address, CIDR IP address, or domain name to assign to the Address Object|None|example.com|None|None|
+|address_object|string|None|False|Name of the address object, defaults to the value address in the address field if no name is given|None|MaliciousHost|None|None|
+|skip_private_address|boolean|None|True|If set to true, any addresses that are defined in the RFC1918 space will not be blocked. e.g. 10/8, 172.16/12, 192.168/16|None|True|None|None|
+|whitelist|[]string|None|False|This list contains a set of hosts that should not be blocked. This can include IP addresses, CIDR IP addresses, and domains|None|["198.51.100.100", "192.0.2.0/24", "example.com"]|None|None|
 Example input:
@@ -407,14 +407,14 @@ Example output:
 ```
 #### Delete Address Object
-
+
 This action is used to deletes an address object
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|address_object|string|None|True|Name of the address object to delete|None|MaliciousHost|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|address_object|string|None|True|Name of the address object to delete|None|MaliciousHost|None|None|
 Example input:
@@ -462,15 +462,15 @@ Example output:
 ```
 #### Remove Address from Group
-
+
 This action is used to removes an address from a group
 ##### Input
-|Name|Type|Default|Required|Description|Enum|Example|
-| :--- | :--- | :--- | :--- | :--- | :--- | :--- |
-|address|string|None|True|The address object name, hostname, an IP address or subnet address expressed in CIDR notation to remove from group|None|MaliciousHost|
-|group|string|None|True|Name of the group to remove the address from|None|MaliciousAddressGroup|
+|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
+| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
+|address|string|None|True|The address object name, hostname, an IP address or subnet address expressed in CIDR notation to remove from group|None|MaliciousHost|None|None|
+|group|string|None|True|Name of the group to remove the address from|None|MaliciousAddressGroup|None|None|
 Example input:
@@ -706,12 +706,12 @@ Example output:
 ## Troubleshooting
-
-* The certificate authentication is used solely in two actions, namely: `Add Scan Result` and `Bulk Add Scan Result`. Please remember, that the data entered into the certificate input field in the connection is required to be a base-64 encoded PKCS12 certificate file, exported from the Firepower Management Center server. The passphrase is a password created during the PKCS12 certificate file export.
-* `SSL Verify` field is used by all other actions (i.e. excluding `Add Scan Result` and `Bulk Add Scan Result`), for SSL certificate verification. If the certificate is self-signed then SSL Verify should be set to `False` for those actions.
+
+The certificate authentication is used solely in two actions, namely: `Add Scan Result` and `Bulk Add Scan Result`. Please remember, that the data entered into the certificate input field in the connection is required to be a base-64 encoded PKCS12 certificate file, exported from the Firepower Management Center server. The passphrase is a password created during the PKCS12 certificate file export.`SSL Verify` field is used by all other actions (i.e. excluding `Add Scan Result` and `Bulk Add Scan Result`), for SSL certificate verification. If the certificate is self-signed then SSL Verify should be set to `False` for those actions.
 # Version History
+* 2.1.3 - Bumped 'cryptography' | SDK Bump to 6.1.2
 * 2.1.2 - `Block URL Policy` - Refactor the action to use local API calls | Remove vulnerable dependencies
 * 2.1.1 - Updated to latest SDK version | Fixed issue related to pagination
 * 2.1.0 - `Check if Address in Group`: Extended search for manually added literals | Added new output field `literal_objects`
@@ -728,4 +728,4 @@ Example output:
 ## References
-* [Cisco Firepower Management Center](https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html)
+* [Cisco Firepower Management Center](https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html)
\ No newline at end of file
diff --git a/plugins/cisco_firepower_management_center/plugin.spec.yaml b/plugins/cisco_firepower_management_center/plugin.spec.yaml
index 3d63e2c281..699f9d188d 100644
--- a/plugins/cisco_firepower_management_center/plugin.spec.yaml
+++ b/plugins/cisco_firepower_management_center/plugin.spec.yaml
@@ -7,12 +7,12 @@ vendor: rapid7
 support: community
 status: []
 description: This plugin utilizes Cisco Firepower Management Center to create URL block policies and manage address objects to block hosts
-version: 2.1.2
+version: 2.1.3
 connection_version: 2
 supported_versions: ["6.6.0"]
 sdk:
 type: slim
- version: 5
+ version: 6.1.2
 user: root
 resources:
 source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/plugins/cisco_firepower_management_center
@@ -23,6 +23,28 @@ hub_tags:
 use_cases: [vulnerability_management]
 keywords: [firewall, cisco, firesight, firepower]
 features: []
+key_features:
+ - Create block URL policy
+ - Address object management to block and unblock hosts, and check if a host is already blocked
+requirements:
+- "Cisco Firepower Management Center server name"
+- "Cisco Firepower Management Center username and password"
+troubleshooting: "The certificate authentication is used solely in two actions, namely: `Add Scan Result` and `Bulk Add Scan Result`. Please remember, that the data entered into the certificate input field in the connection is required to be a base-64 encoded PKCS12 certificate file, exported from the Firepower Management Center server. The passphrase is a password created during the PKCS12 certificate file export.`SSL Verify` field is used by all other actions (i.e. excluding `Add Scan Result` and `Bulk Add Scan Result`), for SSL certificate verification. If the certificate is self-signed then SSL Verify should be set to `False` for those actions."
+links:
+ - "[Cisco Firepower Management Center](https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html)"
+references:
+- "[Cisco Firepower Management Center](https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html)"
+version_history:
+- "2.1.3 - Bumped 'cryptography' | SDK Bump to 6.1.2"
+- "2.1.2 - `Block URL Policy` - Refactor the action to use local API calls | Remove vulnerable dependencies"
+- "2.1.1 - Updated to latest SDK version | Fixed issue related to pagination"
+- "2.1.0 - `Check if Address in Group`: Extended search for manually added literals | Added new output field `literal_objects`"
+- "2.0.1 - Fix issue in Add Address to Group action where Network Groups that had no objects would result in action failure"
+- "2.0.0 - Combine Cisco Firepower and Cisco Firepower Management Center plugins"
+- "1.2.0 - New actions - Check If Address in Group, Add Address to Group, Remove Address from Group"
+- "1.1.0 - New actions - Create Address Object, Delete Address Object"
+- "1.0.1 - New spec and help.md format for the Extension Library"
+- "1.0.0 - Initial plugin"
 language: python
 types:
 os:
diff --git a/plugins/cisco_firepower_management_center/requirements.txt b/plugins/cisco_firepower_management_center/requirements.txt
index fa38f39d5e..9e6ec7c36e 100755
--- a/plugins/cisco_firepower_management_center/requirements.txt
+++ b/plugins/cisco_firepower_management_center/requirements.txt
@@ -3,4 +3,4 @@
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 validators==0.22.0
 parameterized==0.9.0
-cryptography==42.0.2
\ No newline at end of file
+cryptography==43.0.1
\ No newline at end of file
diff --git a/plugins/cisco_firepower_management_center/setup.py b/plugins/cisco_firepower_management_center/setup.py
index 15f9a4c344..938e8a1de3 100755
--- a/plugins/cisco_firepower_management_center/setup.py
+++ b/plugins/cisco_firepower_management_center/setup.py
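Review bot: The new `troubleshooting:` value in plugin.spec.yaml runs the two former help.md bullets together with no separator, so the text reads "...during the PKCS12 certificate file export." immediately followed by "`SSL Verify` field is used..." with no space, and the same run-together sentence is reproduced in the generated help.md Troubleshooting section. Either restore a sentence break (`...certificate file export. The `SSL Verify` field is used by all other actions...`) or keep the two points as separate items so the help renders as it did before. Since this string is also the only place that tells users to set SSL Verify to `False` for self-signed certificates, it would be worth adding that doing so disables server-certificate validation for those actions, so the setting should be limited to environments where that trade-off is accepted. List indentation within the hunk is also inconsistent (`key_features` and `links` items are indented, `requirements`, `references` and `version_history` items are not); valid YAML, but one style should be used.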
@@ -3,7 +3,7 @@
 setup(name="cisco_firepower_management_center-rapid7-plugin",
- version="2.1.2",
+ version="2.1.3",
 description="This plugin utilizes Cisco Firepower Management Center to create URL block policies and manage address objects to block hosts",
 author="rapid7",
 author_email="",