Cisco Secure Endpoint
Cisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced endpoint detection and response.
Connect Cisco Secure Endpoint with Devo SOAR
Navigate to Automations > Integrations.
Search for Cisco Secure Endpoint.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Cisco Secure Endpoint API URL: Cisco Secure Endpoint API to use.
Username: Username to connect to the Cisco Secure Endpoint.
Password: Password to connect to the Cisco Secure Endpoint.
After you've entered all the details, click Connect.
Actions for Cisco Secure Endpoint
## Get Application Blocking File Lists
Get a list of application blocking file lists.
### Input Field
Choose a connection that you have previously created.
### Output
JSON containing the following items:
```json
{
  "data": [
    {
      "name": "OUP - Application Block",
      "guid": "bdb9581853",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/bf76c3"
      }
    },
    {
      "name": "Test-Blocklist",
      "guid": "a88ab591",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/a88530"
      }
    }
  ],
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/file_lists/application_blocking"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 500
    }
  }
}
```
## Get File List
Get a particular file list for application blocking or simple custom detection. You need to provide a file_list_guid to retrieve information about a particular file_list.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------- | :----------------------------------------------------------------------------------------------- | :------- |
| File List Guid | [Jinja-templated](doc:jinja-template) text containing file list guid. Example: {{file_list_id}}. | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "name": "OUP - Application Block",
    "guid": "bdb95fbf",
    "type": "application_blocking",
    "links": {
      "details": "https://api.amp.cisco.com/v1/file_lists/bdb53/files"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb53"
    }
  }
}
```
## Get File List Item
Fetch file list items associated with a specific file list with given file_list_guid. Example: {{file_list_id}}
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------- | :------------------------------------------------------------------------- | :------- |
| File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
| Params | Jinja-templated JSON containing parameters. Example: {"limit":1} | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}
```
## Get File List Item Hash
Fetch the file list item with a given SHA-256 from the file list identified by the given file_list_guid.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------- | :------------------------------------------------------------------------------------------------------------ | :------- |
| File List Guid | [Jinja-templated](doc:jinja-template) text containing file list guid. Example: {{file_list_id}}. | Required |
| Hash | [Jinja-templated](doc:jinja-template) text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}
```
## Create File List Item
Create a file list item with a given SHA-256 for a specific file list with a given file_list_guid.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :------------- | :---------------------------------------------------------------------------------------- | :------- |
| File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
| Hash | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |
### Output
JSON containing the following items:
```json
{
  "has_error": false,
  "result": {}
}
```
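The inputs to Create File List Item can be checked before the action runs. The following is an added example, not part of the Devo or Cisco documentation: it resolves a list name to its guid from the Get Application Blocking File Lists output and rejects a hash that is not a 64-character hex SHA-256. The function names are hypothetical, the sample hash used with it is constructed, and reading `total` against `current_item_count` as a pagination signal is an assumption.

```python
import re

# Hypothetical helpers for a playbook code step; not Devo or Cisco code.
SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Trimmed copy of the Get Application Blocking File Lists output shown above.
SAMPLE_LISTS = {
    "data": [
        {"name": "OUP - Application Block", "guid": "bdb9581853",
         "type": "application_blocking"},
        {"name": "Test-Blocklist", "guid": "a88ab591",
         "type": "application_blocking"},
    ],
    "has_error": False,
    "error": None,
    "metadata": {"results": {"total": 2, "current_item_count": 2,
                             "index": 0, "items_per_page": 500}},
}


def resolve_list_guid(response, list_name):
    """Return the guid of the application blocking list called list_name."""
    if response.get("has_error"):
        raise RuntimeError(f"action failed: {response.get('error')}")
    results = response["metadata"]["results"]
    # Assumption: total counts every list, current_item_count only this page.
    if results["total"] > results["current_item_count"]:
        raise LookupError("output is partial; fetch the remaining pages first")
    matches = [item["guid"] for item in response["data"]
               if item["name"] == list_name
               and item["type"] == "application_blocking"]
    if len(matches) != 1:
        # Zero or duplicate names: refuse to guess which list gets the hash.
        raise LookupError(f"{len(matches)} lists named {list_name!r}")
    return matches[0]


def normalize_sha256(value):
    """Trim and lowercase the value; reject anything but 64 hex characters."""
    candidate = value.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError("not a SHA-256 hex digest")
    return candidate


def build_create_inputs(response, list_name, raw_hash):
    """Values for the {{file_list_id}} and {{sha256_hash}} template fields."""
    return {"file_list_id": resolve_list_guid(response, list_name),
            "sha256_hash": normalize_sha256(raw_hash)}
```
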
Release Notes
v1.0.1
- Initial release