FMC Intrusion Policy Management

Tools for exporting, editing, and bulk-applying Cisco Firepower Management Center (FMC) intrusion policy rules.

Scripts

Script	Version	Dependencies	Description
`fmc_intrusion_policy_exporter.py`	v1.0.0	requests, tqdm	CLI exporter — exports intrusion policy rules to CSV
`fmc_intrusion_policy_exporter_v2.py`	v2.0.0	stdlib only	Optimized CLI exporter — no third-party libraries
`fmc_intrusion_policy_exporter_ui.py`	v3.0.0	stdlib only	Web UI — full round-trip: export, edit, diff, and bulk apply

python3 fmc_intrusion_policy_exporter_ui.py

This starts a local web server on http://127.0.0.1:8080 and opens your browser automatically.

To use a custom port:

python3 fmc_intrusion_policy_exporter_ui.py 9090

v2 (no dependencies):

python3 fmc_intrusion_policy_exporter_v2.py

v1 (requires requests and tqdm):

pip install -r requirements.txt
python3 fmc_intrusion_policy_exporter.py

The web interface provides a 5-step wizard:

Connect — Enter FMC host, username, and password to authenticate.
Select Policy — Choose an intrusion policy from the list. Displays FMC server version info.
Export — Download all rules for the selected policy as a CSV file.
Upload CSV — Upload a modified CSV. The tool diffs it against the baseline and shows changes.
Review & Apply — Review the pending changes and bulk-apply them to FMC.

You can also import a CSV directly (skipping export) to apply changes from a previously saved file.

The exported CSV contains these columns:

Column	Description
Rule ID	Unique rule identifier (GID:SID:Rev)
Name	Rule name
Default State	Current rule action for the selected policy (e.g., ALERT, DROP, DISABLED)
Message	Rule description/message
Rule Data	Raw Snort rule text

To modify rule states, edit the Default State column and upload the CSV back.

The v1 CLI script additionally requires requests and tqdm (install via pip install -r requirements.txt or python3 requirements.py).

Anupam Pavithran (anpavith@cisco.com)