published

Sharing Duo User Context (IP & HostProfile) to Cisco Firepower Management Center

This repo contains a Python & Perl scripts to grab User context information, IP & Host profile, from a Duo Security authentification and share this with Cisco FMC.
image


image


image

Please contact me at alexandre@argeris.net, if you have any questions or remarks. If you find any bugs, please report them to me, and I will correct them.

VARIABLES TO MODIFY BEFORE RUNNING THE SCRIPT

parameters.json need to be modify before running the script.

image

How to create a FMC user with API role

Add a new role.

image

Add a new user

image

Perl script for Host Input (FMC) communications

This script is based on the AMP4e-to-FMC-Host-Input-Script available on cisco.com

https://software.cisco.com/download/home/286259687/type/286271057/release/Host%20InputNote

These files are of 'FMC Host Input API SDK'as-it-is downloaded from CCO without any modifications.

sf_host_input_agent.pl

SFCheckPreReq.pm

SFHIclient.pm

SFHIlog.pm

SFHostInputAgent.pm

SFPkcs12.pm

InputPlugins\csv.pm

CLONING THE REPO

git clone https://github.com/tekgourou/Duo_User-Context-Mapping_to_FMC.git

cd Duo_User-Context-Mapping_to_FMC/scripts

python3 -m venv venv

source venv/bin/activate

pip3 install -r requirements.txt

Prerequisites

This tool use python to establish communications with Duo Admin API and pull the context informations for all athentifications. The REST VDI API is use to share Duo User/IP mapping to FMC.

Then the tool uses perl to establish communications with FMC to add host profile collected earlier to the Hostprofile in FMC.

Python Modules

duo_client (https://pypi.org/project/duo-client/)

requests

tinydb

Duo Admin API key

You will need to get your Duo Admin API key from the Duo Admin Portal.
https://duo.com/docs/adminapi

FMC Host Input API client certificate

File (xxxxxx.pkcs12) generated from FMC, downloaded in this script's local directory.
To generate the certificate, login to FMC Web GUI and navigate to System -> Integrations -> Host Input Client-> CreateClient->give the IP address of your HOST and DO NOT GIVE a password-> Save. Download the pkcs12file in this script's local directory.

Running this script

Before running the following command ensure that all prerequisites are met and run it in the script directory loaded.
To run the tool simply execute:

python3.6 Duo_to_FMC.py

My suggestion is to run the script with crontab (linux) or Task Scheduler (Microsoft) every 5 minutes.

All the activities of the script are logged to a file called AUDIT.log file. The file is not over-written, only appended. This includes all INFO and ERROR messages.

image

View code on GitHub

  • Owner

    ttekgourou

  • Contributors

    +1Github contributor

  • Categories

  • Products

    DuoFirepower

  • Programming Languages

    Perl

  • License

    Apache License 2.0
Related code repos

    Code Exchange Community

    Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
    Disclaimer:
    Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.