Cisco Umbrella Enforcement

This package provides three functional integrations with Resilient:

  • Get a list of domains added to the customer list

  • Add a domain to a customer list

  • Remove a domain from a customer list

Installation

This template project was generated by:

resilient-circuits codegen -p fn_cisco_enforcement [-f get_domains event delete_domain] [-w cisco_add_domain cisco_delete_domain cisco_get_domains]

To install in “development mode”:

pip install -e ./fn_cisco_enforcement/

To package for distribution:

python ./fn_cisco_enforcement/setup.py sdist

The resulting .tar.gz file can be installed using:

pip install <filename>.tar.gz

To uninstall:

pip uninstall fn_cisco_enforcement

Add configuration details to the Resilient config file:

resilient-circuits configure -u

Set the following values in the config file under the [fn_cisco_enforcement] section:

url=https://s-platform.api.opendns.com/1.0
api_token=xxxxxx-xxxx-xxxxx-xxxx-xxxxxxx
# Uncomment to specify proxies needed
#https_proxy=
#http_proxy=
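
A preflight check for the settings above, added here as an example and not part of this package: it parses the [fn_cisco_enforcement] section and flags a non-HTTPS url, an unset or placeholder api_token, and a proxy key that is uncommented but empty. The function names and SAMPLE_CONFIG are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

SECTION = "fn_cisco_enforcement"
# Constructed sample mirroring the settings listed above (token is the placeholder).
SAMPLE_CONFIG = """
[fn_cisco_enforcement]
url=https://s-platform.api.opendns.com/1.0
api_token=xxxxxx-xxxx-xxxxx-xxxx-xxxxxxx
#https_proxy=
#http_proxy=
"""


def load_section(text):
    """Parse config text and return the integration's section as a dict."""
    # interpolation=None: a '%' inside a token must not be treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section(SECTION):
        raise KeyError("missing [%s] section" % SECTION)
    return dict(parser.items(SECTION))


def check_settings(opts):
    """Return a list of problems found in the section's settings."""
    problems = []
    url = urlparse(opts.get("url", ""))
    if url.scheme != "https" or not url.netloc:
        problems.append("url must be an https:// URL so the token is not sent in clear text")
    token = opts.get("api_token", "").strip()
    if not token:
        problems.append("api_token is not set")
    elif set(token.lower()) <= set("x-"):
        problems.append("api_token is still the placeholder value")
    for key in ("https_proxy", "http_proxy"):
        if key in opts and not urlparse(opts[key]).netloc:
            problems.append("%s is uncommented but is not a valid proxy URL" % key)
    return problems


def proxies_from(opts):
    """Build a proxies mapping (the shape the requests library accepts)."""
    mapping = {"https": opts.get("https_proxy"), "http": opts.get("http_proxy")}
    return {scheme: value for scheme, value in mapping.items() if value}


if __name__ == "__main__":
    for problem in check_settings(load_section(SAMPLE_CONFIG)):
        print("config problem:", problem)
```
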

How to use the function

  1. Start Resilient Circuits with: resilient-circuits run

  2. In the Resilient platform, add and save the ‘Cisco Enforcement’ datatable to the Artifact tab

  3. The manual ‘Cisco Get Domains’ incident rule will populate the Cisco Enforcement datatable

  4. The manual ‘Cisco Add Domain’ artifact rule will add the domain to Cisco Umbrella

  5. From datatable rows populated by the ‘Cisco Get Domains’ menu item, the ‘Cisco Delete Domain’ rule will remove the domain from Cisco Umbrella