Cisco Firepower Management Center

Integration version: 6.0

Configure Cisco Firepower Management Center integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Parameter Type Default value Mandatory Description
API Root String N/A Yes API root of the Cisco Firepower Management Center instance.
Username String N/A Yes The email address of the user.
Password String N/A Yes The user account password.
Verify SSL Checkbox Checked No If enabled, verifies if the SSL certificate for the connection to the Cisco Firepower Management Center server is valid.

Actions

Block Address

Block an IP address by assigning it to a network group attached to a policy

Parameters

Parameter Name Type Default Value Description
Network Group Name String N/A Network object name.

Use cases

N/A

Run On

This action runs on the IP Address entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A

Block Port

Block a port that is assigned to a port group that is attached to a policy.

Parameters

Parameter Name Type Default Value Description
Port Group Name String N/A Name of the port object group.
Port String N/A

Port to block

Example: 9856

Port Protocol String N/A

Target port protocol

Example: TCP

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A

Block URL

Block the URL by assigning it to a set of URLs attached to it.

Parameters

Parameter Name Type Default Value Description
URL Group Name String N/A URL group object name.

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A

Get Addresses List by Name

Get a list of blocked addresses by its name in a particular group of networks.

Parameters

Parameter Name Type Default Value Description
Network Group Name String N/A The name of the needed network group.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
addresses_list True/False addresses_list:False
JSON Result

N/A

Get Ports List by Name

Get a list of blocked ports by its name for a particular group.

Parameters

Parameter Name Type Default Value Description
Port Group Name String N/A The name of the needed ports group.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
ports_list N/A N/A
JSON Result

N/A

Get URL List by Name

Get a list of URLs by its name from a specific group.

Parameters

Parameter Name Type Default Value Description
URL Group Name String N/A The name of the needed URL group.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
urls_list N/A N/A
JSON Result

N/A

Ping

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is succeed True/False is_succeed:False
JSON Result

N/A

Unblock Address

Unblock an address in Cisco Firepower.

Parameters

Parameter Name Type Default Value Description
Network Group Name String N/A Network object name.

Use cases

N/A

Run On

This action runs on the IP Address entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A

Unblock Port

Remove a port from a group of blocked ports.

Parameters

Parameter Name Type Default Value Description
Port Group Name String N/A Name of the port object group.
Port String N/A

Target port

Example: 9856

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A

Unblock URL

Remove a URL from a group of blocked URLs.

Parameters

Parameter Name Type Default Value Description
URL Group Name String N/A URL group object name.

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_succeed True/False is_succeed:False
JSON Result

N/A