Cisco Q3 SE Hack - Hawk

Correlate administrators across the Cisco product portfolio to detect anomalies and changes to role-based access control.

What

Hawk is a Django-based SaaS security tool that displays administrators across the Cisco portfolio. Monitoring administrators has typically been a manual task, which is prone to human error and miscommunication. The goal is to simplify this for SecOps teams, enabling them to monitor who has R/W access.

Assumptions

  1. Python 3 is installed.
  2. Have an Auth0 account for SSO.
  3. DUO 2FA is recommended.
  4. API Access to any products you'd like to integrate.

Deploy

Step One

Hawk has a number of dependencies, which you can install from the requirements.txt file.

(./) pip install -r requirements.txt

Step Two

Hawk makes use of a number of environment variables, which you'll need to populate in your deployment environment. You can create a .env file (./sehack/sehack/.env) and place these environment variables inside that file.

django_key = RANDOM_STRING_HERE
auth0_domain = DOMAIN FROM AUTH0
auth0_key = KEY FROM AUTH0
auth0_secret = SECRET FROM AUTH0

Step Three

Hawk uses a SQLite database for API key retention; you will need to run a Django migration for this to function correctly.

python manage.py migrate

Step Four

You can use the built-in Django web server; however, a production-ready web server is recommended.

(./sehack) python manage.py runserver 3000

Step Five

Auth0 has a number of steps to validate authentication requests. You will need to upload the domain you are running the server from to your Auth0 Dashboard; you can find out more about this here.
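
A pre-deployment check for the .env file from Step Two, added here as an example and not part of the Hawk project: it flags variables that are missing or still hold the template placeholders, a django_key that is too short, and file permissions that let other local users read the secrets. The variable names and the `name = value` layout come from Step Two; the 50-character minimum, the 600 file mode and the function names are assumptions.

```python
import os
import stat
import tempfile

REQUIRED = ("django_key", "auth0_domain", "auth0_key", "auth0_secret")
# Placeholder values from the Step Two template; leaving one in place is a finding.
PLACEHOLDERS = {"RANDOM_STRING_HERE", "DOMAIN FROM AUTH0", "KEY FROM AUTH0", "SECRET FROM AUTH0"}
MIN_DJANGO_KEY_LEN = 50  # assumption: length of a Django-generated SECRET_KEY


def parse_env(text):
    """Parse 'name = value' lines, skipping blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        values[name.strip()] = value.strip().strip("'\"")
    return values


def check_env(path):
    """Return a list of findings for the .env file at path (empty list means OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/other access secrets; use 600")
    with open(path, encoding="utf-8") as fh:
        values = parse_env(fh.read())
    for name in REQUIRED:
        value = values.get(name, "")
        if not value:
            findings.append(f"{name} is missing or empty")
        elif value in PLACEHOLDERS:
            findings.append(f"{name} still holds the placeholder value")
    key = values.get("django_key", "")
    if key and key not in PLACEHOLDERS and len(key) < MIN_DJANGO_KEY_LEN:
        findings.append(f"django_key is shorter than {MIN_DJANGO_KEY_LEN} characters")
    return findings


if __name__ == "__main__":
    # Constructed sample: part of the Step Two template left unedited, world-readable.
    with tempfile.NamedTemporaryFile("w", suffix=".env", delete=False) as tmp:
        tmp.write("django_key = RANDOM_STRING_HERE\nauth0_key = KEY FROM AUTH0\n")
    os.chmod(tmp.name, 0o644)
    print("\n".join(check_env(tmp.name)) or "OK")
    os.remove(tmp.name)
```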

Other

Supported Products

We currently support a small subset of Cisco Security products, which you can find below.

  1. Meraki Dashboard
  2. Identity Services Engine
  3. Cisco SD-WAN (Formerly Viptela)
  4. Umbrella
  5. Duo (Roadmap)
  6. WebEx (Roadmap)