This repository is deprecated; please follow the main search page or use the ‘Related code repos’ widget on the right side of the current page.

Cisco Secure Workload aka Tetration - SecureX Workflows

These workflows can be downloaded as JSON files and imported into the Cisco SecureX orchestrator. They let you quickly push malicious IP addresses or malicious hashes from a SecureX incident or casebook into Cisco Secure Workload as an inventory filter. These inventory filters can then be used within Secure Workload policies to quickly block possibly malicious traffic within your organization, and/or to group workloads that may be running processes with known malicious hashes so they can be segmented off from the rest of the infrastructure until the processes are dealt with.

Quick Video!

Pre-Requisites:

  • Create an inventory filter within Secure Workload for Malicious IP addresses, and note the filter-ID
  • Create an inventory filter within Secure Workload for Malicious hashes, and note the filter-ID
  • Create an API key from within Cisco Secure Workload for use within the workflow(s)

In Cisco SecureX

  • Click into the 'orchestration' tab within the SecureX header (if you have not already, you may have to request this feature)
  • Import the workflow by clicking 'import' within the orchestration splash screen
  • Open the Workflow and click on the 'start' circle
  • On the right-hand side (you may need to scroll down) fill in the variables with your information (see picture below)
  • If you don't know your inventory filter ID, simply open the CSW UI and open that inventory filter. The ID is the value in the URL after '?filter_id='

After importing the workflow and filling in your variable information, you should be able to run these from UIs like SecureX, Cisco Cloud Analytics, Threat Response, and any webpage that you have running with the SecureX ribbon! See the video in this readme for an example!
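The sketch below is an added example, not code from this repository or its workflows: it pulls the filter ID out of a CSW URL as described above and turns a list of incident IP observables into an inventory filter query, skipping malformed and internal addresses so a bad observable cannot end up in a block policy. The hostname, sample IDs and IPs are constructed, and the query shape (`type`/`field`/`value` clauses under an `or`) is an assumption to check against your cluster's OpenAPI documentation.

```python
import ipaddress
from urllib.parse import urlparse, parse_qs

# Ranges that should never land in a "malicious IP" block filter.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def filter_id_from_url(url):
    """Return the value after '?filter_id=' in a Secure Workload UI URL."""
    parsed = urlparse(url)
    # Assumption: the UI may keep the query string inside the '#' fragment.
    for part in (parsed.query, parsed.fragment.partition("?")[2]):
        values = parse_qs(part).get("filter_id")
        if values:
            return values[0]
    raise ValueError("no filter_id parameter in URL")

def build_ip_filter_query(observables):
    """Build an 'or' query from IP observables; return (query, skipped)."""
    clauses, skipped, seen = [], [], set()
    for raw in observables:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            skipped.append((raw, "not an IP address"))
            continue
        if any(ip in net for net in INTERNAL):
            skipped.append((raw, "internal or non-routable address"))
            continue
        if ip not in seen:  # drop duplicates from the incident
            seen.add(ip)
            clauses.append({"type": "eq", "field": "ip", "value": str(ip)})
    if not clauses:
        # Refuse to produce an empty filter that would overwrite a good one.
        raise ValueError("no usable IP observables")
    return {"type": "or", "filters": clauses}, skipped

if __name__ == "__main__":
    # Constructed sample input (documentation-range IPs, made-up filter ID).
    url = "https://csw.example.com/#/filters?filter_id=5f0c1a2b3c4d5e6f7a8b9c0d"
    query, skipped = build_ip_filter_query(
        ["203.0.113.7", " 203.0.113.7", "10.1.2.3", "not-an-ip"])
    print(filter_id_from_url(url), query, skipped)
```

Review the `skipped` list before running the workflow; an internal address showing up as a malicious observable usually deserves investigation rather than a block rule.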

See how here!
