https://www.cisco.com/c/en_in/products/security/adaptive-security-appliance-asa-software/index.html
Cisco ASA Next-Generation Firewalls help you to balance security effectiveness with productivity. The solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services. Protect your business with superior visibility and highly effective, threat-focused defense across the entire attack continuum. It provides comprehensive visibility, reduced cost and complexity, and real-time protection from malware and emerging threats.
All Cisco ASA Next-Generation Firewalls are powered by Cisco Adaptive Security Appliance (ASA) Software, with enterprise-class stateful inspection and next-generation firewall capabilities. ASA software can also be integrated with other essential network security technologies.
Install the netmiko Python library for this integration:
pip install netmiko
Outbound access to GitHub is required to clone the plugin.
Enable the SSH path to the Cisco ASA firewall.
Protocol | Source IP | Source Port | Direction | Destination Domain | Destination Port |
---|---|---|---|---|---|
TCP | DS,CR,A10 | Any | Egress | github.com | 443 |
TCP | DS,CR,A10 | Any | Egress | Cisco ASA FW | 443 |
Note: The above rules assume that both request and response are enabled.
Details of the functions that can be used with the Cisco ASA are given in this section.
blocksource
unblocksource
The blocksource function allows an IP address to be blocked on the Cisco ASA firewall.
- IP address
_fetch $SrcIP from event where $Intel=True limit 1
>>_trigger api cisco-asa blocksource $SrcIP
The output of the lookup call has the following structure (for the available data)
Field | Description |
---|---|
$CISCOAPIStatus | Returns Success/Failure status for blocking IP |
The unblocksource function allows a blocked IP address to be released from the firewall.
- IP address
_fetch $SrcIP from event limit 1
>>_trigger api cisco-asa unblocksource $SrcIP
The output of the lookup call has the following structure (for the available data)
Field | Description |
---|---|
$CISCOAPIStatus | Returns Success/Failure status for releasing IP |
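
A pre-flight check for the blocksource and unblocksource triggers above, as an added example that is not part of the plugin's code: it validates the $SrcIP value taken from an event and builds the ASA configuration lines before anything is sent to the firewall. It assumes the block is applied by adding the host to the network object-group named in CISCOASA_GROUP; the protected networks, the group name and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: ranges that automated blocking must never touch
# (assumption, replace with your own management and gateway networks).
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]

# Conservative pattern for an object-group name (assumption, not an ASA rule).
GROUP_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def validate_target(raw_ip, protected=PROTECTED_NETWORKS):
    """Return a normalized single IPv4 host address or raise ValueError."""
    text = str(raw_ip).strip()
    try:
        # Rejects CIDR ranges, hostnames and any text carrying extra CLI input.
        addr = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        raise ValueError(f"not a single IPv4 address: {raw_ip!r}")
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        raise ValueError(f"special-purpose address refused: {addr}")
    for net in protected:
        if addr in net:
            raise ValueError(f"{addr} is inside protected network {net}")
    return str(addr)


def build_commands(action, group, raw_ip):
    """Build ASA config lines for one block or release (hypothetical helper)."""
    if action not in ("blocksource", "unblocksource"):
        raise ValueError(f"unknown action: {action!r}")
    if not GROUP_NAME_RE.fullmatch(group):
        raise ValueError(f"unsafe object-group name: {group!r}")
    # The protected list only guards blocking; releasing an address stays allowed.
    protected = PROTECTED_NETWORKS if action == "blocksource" else ()
    ip = validate_target(raw_ip, protected)
    prefix = "" if action == "blocksource" else "no "
    return [f"object-group network {group}", f"{prefix}network-object host {ip}"]


if __name__ == "__main__":
    # Constructed event values; the last one must be refused.
    for src in ("203.0.113.50", "10.1.2.3"):
        try:
            print(build_commands("blocksource", "DNIF_BLOCK", src))
        except ValueError as err:
            print("refused:", err)
```
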
The Cisco ASA API is found on GitHub at https://github.com/dnif/trigger-cisco-asa
$ cd /dnif/CnxxxxxxxxxxxxV8/trigger_plugins/
$ git clone https://github.com/dnif/trigger-cisco-asa.git cisco-asa
- Move to the '/dnif/<Deployment-key>/trigger_plugins/cisco-asa/' folder path and open the dnifconfig.yml configuration file.
- Replace the tag: <Add_your_cisco-asa_*> with your Cisco ASA details.
trigger_plugin:
  CISCOASA_USER: <Add_your_cisco-asa_username>
  CISCOASA_PASS: <Add_your_cisco-asa_password>
  CISCOASA_SECRET: <Add_your_cisco-asa_enablepass/secret>
  CISCOASA_GROUP: <Add_your_cisco-asa_block>
  CISCOASA_FWIP: <Add_your_cisco-asa_firewall_IP>