This repository is deprecated; please follow the main search page or use the ‘Related code repos’ widget on the right side of the current page.

License: CISCO

Automated SecOps workflow with Policy Enforcement Verification

This workflow serves as an example of a SecOps workflow that includes automated remediation via Cisco Umbrella (block C2 domain), Cisco ThousandEyes (policy enforcement verification), Cisco Duo (disable user), Cisco SecureX (create casebook) and Cisco Webex (send notification). Other solutions could easily be added or swapped in.

Check this YouTube demo for more info.

Note: Please test this properly before implementing in a production environment. This is a sample workflow!

Required Targets and API Keys

Setup instructions

  1. Browse to your SecureX orchestration instance. This will be a different URL depending on the region your account is in:

Import atomic actions

  1. In the left pane menu, select Workflows. Click on IMPORT to import the workflow.

  2. Click on Browse and copy paste the content of the sxo_secops_workflow.json file inside of the text window. Select IMPORT AS A NEW WORKFLOW (CLONE) and click on IMPORT.

Import main workflow

  1. In the left pane menu, select Workflows. Click on IMPORT to import the workflow.

  2. Click on Browse and copy paste the content of the sxo_secops_workflow.json file inside of the text window. Select IMPORT AS A NEW WORKFLOW (CLONE) and click on IMPORT.

  3. Next, update the targets and account keys, and set a trigger to run the workflow.

Notes

  • Please test this properly before implementing in a production environment. This is a sample workflow!

Author(s)

  • Christopher van der Made (Cisco)

Use Case

SecureX orchestration workflow repository

  • SecureX orchestration provides a no-to-low code approach for building automated workflows.
  • These workflows can interact with various types of resources and systems, whether they are from Cisco or a third party.
  • This repository contains atomic actions and workflows that can be imported into SecureX orchestration, as well as a variety of documentation.
  • This workflow serves as an example of a SecOps workflow that includes automated remediation via Cisco Umbrella (block C2 domain), Cisco ThousandEyes (policy enforcement verification), Cisco Duo (disable user), Cisco SecureX (create casebook) and Cisco Webex (send notification). Other solutions could easily be added or swapped in.

Business Case

Service-oriented orchestration provides the agility to model and act on IT services. These features make orchestration active and dynamic, and allow for:

  • Defining new, higher-level services in the system and deploying new services quickly.
  • Creating real-time instances of those new services once their types have been defined.
  • Using events to watch for patterns in these services, enabling policy-driven automation.

Service-oriented orchestration combines several industry trends to synthesize a fresh approach to orchestration.

Please continue your reading in this white paper.

There is currently no DevNet sandbox, but you can find all options for trying out SecureX orchestration here.
