This package provides three functional integrations with Resilient:
- Get a list of domains added to the customer list
- Add a domain to a customer list
- Remove a domain from a customer list
This template project was generated by:
resilient-circuits codegen -p fn_cisco_enforcement [-f get_domains event delete_domain] [-w cisco_add_domain cisco_delete_domain cisco_get_domains]
To install in "development mode":
pip install -e ./fn_cisco_enforcement/
To package for distribution:
python ./fn_cisco_enforcement/setup.py sdist
The resulting .tar.gz file can be installed using:
pip install <filename>.tar.gz
To uninstall:
pip uninstall fn_cisco_enforcement
Add configuration details to the Resilient config file:
resilient-circuits configure -u
Set the following values in the config file under the [fn_cisco_enforcement]
section:
url=https://s-platform.api.opendns.com/1.0
api_token=xxxxxx-xxxx-xxxxx-xxxx-xxxxxxx
# Uncomment to specify proxies needed
#https_proxy=
#http_proxy=
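
A preflight check for the section above, as an added example that is not part of the fn_cisco_enforcement package: it parses the config text and reports a non-HTTPS url, an api_token still set to the template placeholder, or a malformed proxy value. The names check_section and SAMPLE_CONFIG, and the sample text itself, are constructed for illustration.

```python
# Added example (not package code): validate the [fn_cisco_enforcement] section.
import configparser
from urllib.parse import urlparse

SECTION = "fn_cisco_enforcement"

# Constructed sample input mirroring the template shown in this README.
SAMPLE_CONFIG = """\
[fn_cisco_enforcement]
url=https://s-platform.api.opendns.com/1.0
api_token=xxxxxx-xxxx-xxxxx-xxxx-xxxxxxx
# Uncomment to specify proxies needed
#https_proxy=
#http_proxy=
"""


def check_section(config_text):
    """Return a list of problems found in the section (empty list = OK)."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(config_text)
    except configparser.Error as exc:
        return ["config does not parse: %s" % exc]
    if not parser.has_section(SECTION):
        return ["missing [%s] section" % SECTION]
    opts = parser[SECTION]
    problems = []

    url = urlparse(opts.get("url", "").strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("url must be an https:// URL")

    token = opts.get("api_token", "").strip()
    # The template value consists only of 'x' and '-' characters.
    if not token or set(token.lower()) <= set("x-"):
        problems.append("api_token is empty or still the template placeholder")
    for key in ("https_proxy", "http_proxy"):
        value = opts.get(key, "").strip()
        if value:
            proxy = urlparse(value)
            if proxy.scheme not in ("http", "https") or not proxy.hostname:
                problems.append("%s is not a valid http(s) proxy URL" % key)
    return problems


if __name__ == "__main__":
    for problem in check_section(SAMPLE_CONFIG) or ["section looks complete"]:
        print(problem)
```

Run it against the text of the real config file before `resilient-circuits run`; an empty list means the section has the values this README asks for.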
- Start Resilient Circuits with:
  resilient-circuits run
- In the Resilient platform, add and save the 'Cisco Enforcement' datatable to the Artifact tab.
- The manual 'Cisco Get Domains' incident rule will populate the Cisco Enforcement datatable.
- The manual 'Cisco Add Domain' artifact rule will add the domain to Cisco Umbrella.
- From datatable rows populated from the 'Cisco Get Domains' menu item, the 'Cisco Delete Domain' rule will remove the domain from Cisco Umbrella.