Sharing Duo User Context (IP & HostProfile) to Cisco Firepower Management Center
This repo contains Python and Perl scripts to grab user context information (IP and host profile) from a Duo Security authentication and share it with Cisco FMC.
Please contact me at alexandre@argeris.net, if you have any questions or remarks. If you find any bugs, please report them to me, and I will correct them.
VARIABLES TO MODIFY BEFORE RUNNING THE SCRIPT
parameters.json needs to be modified before running the script.
How to create a FMC user with API role
Add a new role.
Add a new user
Perl script for Host Input (FMC) communications
This script is based on the AMP4e-to-FMC-Host-Input-Script available on cisco.com:
https://software.cisco.com/download/home/286259687/type/286271057/release/Host%20InputNote
These files are from the 'FMC Host Input API SDK', as downloaded from CCO without any modifications:
sf_host_input_agent.pl
SFCheckPreReq.pm
SFHIclient.pm
SFHIlog.pm
SFHostInputAgent.pm
SFPkcs12.pm
InputPlugins\csv.pm
CLONING THE REPO
git clone https://github.com/tekgourou/Duo_User-Context-Mapping_to_FMC.git
cd Duo_User-Context-Mapping_to_FMC/scripts
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
Prerequisites
This tool uses Python to establish communications with the Duo Admin API and pull the context information for all authentications. The REST VDI API is used to share the Duo user/IP mapping with FMC.
The tool then uses Perl to establish communications with FMC and add the host profile collected earlier to the host profile in FMC.
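As an added example (not the repository's own code), the core of the Duo side of this workflow: reducing authentication-log records to a user-to-IP mapping suitable for the VDI/Host Input push. It assumes Duo's v2 authlog field names (timestamp, result, user.name, access_device.ip) and a saved timestamp cursor carried between scheduled runs; the sample records are constructed.

```python
"""Build a Duo user -> client IP mapping from Admin API v2 authentication
log records, the way a scheduled poll would. Added example, not the
repo's code; the field layout assumed (timestamp, result, user.name,
access_device.ip) follows Duo's documented v2 authlog records and the
sample records below are constructed."""
from typing import Dict, Iterable, List, Tuple

# Constructed records in the shape of
# duo_client.Admin.get_authentication_log(api_version=2)["authlogs"].
SAMPLE_AUTHLOGS: List[dict] = [
    {"timestamp": 1700000000, "result": "success",
     "user": {"name": "alice"}, "access_device": {"ip": "10.1.1.5"}},
    {"timestamp": 1700000060, "result": "denied",
     "user": {"name": "mallory"}, "access_device": {"ip": "10.1.1.5"}},
    {"timestamp": 1700000120, "result": "success",
     "user": {"name": "bob"}, "access_device": {"ip": "10.1.1.5"}},
    {"timestamp": 1700000180, "result": "success",
     "user": {"name": "carol"}, "access_device": {"ip": None}},
    {"timestamp": 1700000240, "result": "success",
     "user": {"name": "dave"}, "access_device": {}},
]

def user_ip_mapping(authlogs: Iterable[dict], since: int = 0
                    ) -> Tuple[Dict[str, str], int]:
    """Return ({ip: user}, cursor). Only records newer than `since` count,
    so a scheduled run does not re-push old mappings; per IP the user of
    the most recent successful authentication wins. Denied attempts are
    ignored so a failed login cannot relabel an address in FMC; records
    without a client IP or user name are skipped. The cursor is the newest
    timestamp seen, to be persisted (e.g. in tinydb) for the next run."""
    latest: Dict[str, Tuple[int, str]] = {}
    cursor = since
    for rec in authlogs:
        ts = int(rec.get("timestamp", 0))
        if ts <= since:
            continue
        cursor = max(cursor, ts)
        if rec.get("result") != "success":
            continue
        ip = (rec.get("access_device") or {}).get("ip")
        user = (rec.get("user") or {}).get("name")
        if not ip or not user:
            continue
        if ip not in latest or ts > latest[ip][0]:
            latest[ip] = (ts, user)
    return {ip: u for ip, (_, u) in latest.items()}, cursor

if __name__ == "__main__":
    mapping, cursor = user_ip_mapping(SAMPLE_AUTHLOGS)
    print(mapping, cursor)
```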
Python Modules
duo_client (https://pypi.org/project/duo-client/)
requests
tinydb
Duo Admin API key
You will need to get your Duo Admin API key from the Duo Admin Portal.
https://duo.com/docs/adminapi
FMC Host Input API client certificate
File (xxxxxx.pkcs12) generated from FMC, downloaded into this script's local directory.
To generate the certificate, log in to the FMC web GUI and navigate to System -> Integrations -> Host Input Client -> Create Client, give the IP address of your host and DO NOT GIVE a password, then Save. Download the pkcs12 file into this script's local directory.
Running this script
Before running the following command, ensure that all prerequisites are met and run it from the scripts directory of the cloned repo.
To run the tool simply execute:
python3.6 Duo_to_FMC.py
My suggestion is to run the script with crontab (Linux) or Task Scheduler (Microsoft) every 5 minutes.
All the activities of the script are logged to a file called AUDIT.log. The file is not overwritten, only appended to. This includes all INFO and ERROR messages.