SecureX Orchestrator Atomic Actions for Cisco Defense Orchestrator (CDO)
NOTE: Some atomic actions in this repository make use of CDO's REST API & not the official GraphQL-based Public API. Whilst the atomics that use the REST API aren't an officially supported methodology to programmatically interact with CDO, these endpoints are the same as what the CDO GUI uses and therefore, considered stable and suitable for use, especially in cases where the GraphQL-based Public API may not support certain methods.
Additional Resources:
In this repository, you'll find the following atomics:
Purpose: This atomic action makes use of CDO's REST API to run a CLI command on an ASA
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the ASA's UID and the command to run as inputs
- The output of this atomic action is the CLI response of the command as seen on the device
Purpose: This atomic action makes use of CDO's REST API to create an Access List on CDO with an associated Network Object Group
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply Input Variables (all variables have descriptions in-line)
- Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID of the Access Group created)
- The output of this atomic action is the UID of the Access Group created
Purpose: This atomic action makes use of CDO's REST API to delete unused Object Groups on CDO by their UIDs
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply a comma-separated list of UIDs of objects to delete - ensure these objects are not already associated with any devices
- If this atomic action runs successfully, a successful response was received from CDO
Purpose: This atomic action makes use of CDO's REST API to launch a deployment job on CDO
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the device UID of a device with one or more staged changes
- The output of this atomic action is the UID of the CDO job launched
Purpose: This atomic action makes it possible to use GraphQL with SXO's Web Service Adapter
Steps to use:
- Create a target https://edge.us.cdo.cisco.com
- Input CDO API Token to this workflow
- Supply GraphQL query from API docs
Purpose: This atomic action makes it possible to use GraphQL to retrieve an Object Group's UID given it's name with SXO's Web Service Adapter
Steps to use:
- Create a target https://edge.us.cdo.cisco.com
- Input CDO API Token to this workflow
- Supply the name of the object group to search for (by default, only the first match is returned)
- The output of this atomic action is the UID of the object group
Purpose: This atomic action makes use of CDO's REST API to monitor a deployment job on CDO
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the job UID as input (optional)
- The output of this atomic action is the status of a job on CDO. If no job UID is supplied, the output is the overall status of all jobs on CDO.
Purpose: This atomic action makes it possible to use GraphQL to create a new object group on CDO with SXO's Web Service Adapter
Steps to use:
- Create a target https://edge.us.cdo.cisco.com
- Input CDO API Token
- Supply input variables
- Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
- The output of this atomic action is the UID of the object group created
Purpose: This atomic action makes use of CDO's REST API to create a new service object on CDO
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the protocol, object name, description, source/destination ports for the service object as applicable
- The output of this atomic action is the UID of the Service Object created
Purpose: This atomic action makes it possible to use GraphQL to query devices by either name, IP address, serial, or interfaces with SXO's Web Service Adapter
Steps to use:
- Create a target https://edge.us.cdo.cisco.com
- Input CDO API Token
- Supply Search Term
- Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
- The Output of this workflow is a list of Device UIDs (could be one or more based on search term)
Purpose: This atomic action makes use of CDO's REST API to terminate VPN sessions across all devices given a User's ID
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the User's ID input
- Successful execution of this atomic action indicates successful termination of VPN sessions for the given User ID
Purpose: This atomic action makes it possible to use GraphQL to update an object group on CDO with SXO's Web Service Adapter.
Steps to use:
- Create a target https://edge.us.cdo.cisco.com
- Input CDO API Token
- Supply input variables
- Tweak "Parse Response" JSONPath Query to pick out an attribute (by default, UID)
- The output of this atomic action is a comma-separated string of UIDs of all affected devices that are mapped to the updated object group
Purpose: This atomic action makes use of CDO's REST API to update an existing object group on CDO. Use only in case there are issues with updating the object group via the GraphQL atomic.
NOTE: This atomic will replace/overwrite all parameters. If you wish to append to existing configuration, you must include existing configuration in your input to this atomic.
Steps to use:
- Create a target for the CDO REST API: https://www.defenseorchestrator.com/aegis/rest/v1/
- Input CDO API Token to this workflow
- Supply the UID of Object Group to update and other parameters as applicable (CIDR List, Name, Description)
- The output of this atomic action is a comma-separated string of UIDs of all affected devices that are mapped to the updated object group
Contributors:
- Aman Sardana (amasarda@cisco.com)
- Anant Nambiar (ananambi@cisco.com)
Cisco CX Managed Services - Operate, May 2021