Cisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced endpoint detection and response.

Connect Cisco Secure Endpoint with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Cisco Secure Endpoint.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Cisco Secure Endpoint API URL: Cisco Secure Endpoint API to use.

  9. Username: Username to connect to the Cisco Secure Endpoint.

  10. Password: Password to connect to the Cisco Secure Endpoint.

  11. After you've entered all the details, click Connect.

Actions for Cisco Secure Endpoint

Get Application Blocking File Lists

Get a list of application blocking file lists.

Input Field

Choose a connection that you have previously created.

Output

JSON containing the following items:

...

## Get File List

Get a particular file list for application blocking or simple custom detection. You need to provide a file_list_guid to retrieve information about a particular file_list.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name     | Description                                                                                      | Required |
| :------------- | :----------------------------------------------------------------------------------------------- | :------- |
| File List Guid | [Jinja-templated](doc:jinja-template) text containing file list guid. Example: {{file_list_id}}. | Required |

### Output

JSON containing the following items:


```json
{
  "data": {
    "name": "OUP - Application Block",
    "guid": "bdb95fbf",
    "type": "application_blocking",
    "links": {
      "details": "https://api.amp.cisco.com/v1/file_lists/bdb53/files"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb53"
    }
  }
}
```

Get File List Item

Fetch the items in the file list identified by the given file_list_guid. Example: {{file_list_id}}

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

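| Input Name     | Description                                                                | Required |
| :------------- | :------------------------------------------------------------------------- | :------- |
| File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
| Params         | Jinja-templated JSON containing parameters. Example: {"limit":1}           | Required |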

Output

JSON containing the following items:

...

## Get File List Item Hash

Fetch the file list item with a given SHA-256 from the file list identified by the given file_list_guid.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name     | Description                                                                                                   | Required |
| :------------- | :------------------------------------------------------------------------------------------------------------ | :------- |
| File List Guid | [Jinja-templated](doc:jinja-template) text containing file list guid. Example: {{file_list_id}}.              | Required |
| Hash           | [Jinja-templated](doc:jinja-template) text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |

### Output

JSON containing the following items:


```json
{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}
```

Create File List Item

Create a file list item with a given SHA-256 for a specific file list with a given file_list_guid.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

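| Input Name     | Description                                                                             | Required |
| :------------- | :-------------------------------------------------------------------------------------- | :------- |
| File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}.              | Required |
| Hash           | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |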

Output

JSON containing the following items:

```json
{
  "has_error": false,
  "result": {}
}
```
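
A pre-flight check for the File List Guid and Hash inputs before they are passed to Create File List Item, plus a test of the `has_error` flag in the action output. This is an added example, not part of the Devo or Cisco documentation; the function names, the accepted GUID character set and the empty-file rule are assumptions of the example.

```python
import hashlib
import re

# Assumption: the GUID is treated as an opaque token; only hex digits and
# hyphens are accepted so it cannot alter the request path.
GUID_RE = re.compile(r"[0-9A-Fa-f-]{8,36}")
SHA256_RE = re.compile(r"[0-9a-f]{64}")
# SHA-256 of zero bytes of input; listing it would match every empty file.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def normalize_sha256(value):
    """Return the hash in lowercase, or raise ValueError if it is unusable."""
    candidate = value.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError("not a 64-character hex SHA-256: %r" % value)
    if candidate == EMPTY_SHA256:
        raise ValueError("refusing the SHA-256 of an empty file")
    return candidate


def prepare_items(file_list_guid, hashes):
    """Validate the inputs for one file list; return (accepted, rejected)."""
    if not GUID_RE.fullmatch(file_list_guid):
        raise ValueError("unexpected file list guid: %r" % file_list_guid)
    accepted, rejected = [], []
    for raw in hashes:
        try:
            digest = normalize_sha256(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if digest not in accepted:  # drop duplicates, keep input order
            accepted.append(digest)
    return accepted, rejected


def action_succeeded(output):
    """True only when the action output explicitly has has_error == false."""
    return isinstance(output, dict) and output.get("has_error") is False


if __name__ == "__main__":
    # Constructed sample input: one valid hash twice, one malformed value.
    sample = hashlib.sha256(b"constructed sample").hexdigest()
    print(prepare_items("bdb95fbf", [sample.upper(), sample, "abc123"]))
    print(action_succeeded({"has_error": False, "result": {}}))
```
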

Release Notes

  • v1.0.1 - Initial release
