forked from phantomcyber/playbooks
ciscoasa_app.py
"""
This playbook runs all the CiscoASA actions one by one.
"""
import phantom.rules as phantom
import json
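def unblock_ip_cb(action, success, incident, results, handle):
    """Handle completion of 'unblock ip', the last action in the chain.

    Nothing is chained after this step. A failure is logged instead of being
    dropped silently: 'unblock ip' is only issued after 'block ip' has
    succeeded, so a failed unblock may leave that rule on the asset.

    Args:
        action: Supplied by the platform callback interface; unused here.
        success: Falsy when the action did not succeed.
        incident: Supplied by the platform callback interface; unused here.
        results: Supplied by the platform callback interface; unused here.
        handle: Supplied by the platform callback interface; unused here.
    """
    if not success:
        # Leave a trace for the operator; the earlier block may still be active.
        phantom.debug("unblock ip failed on asset 'ciscoasa'; "
                      "the rule added by block ip may still be present")
    return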
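def block_ip_cb(action, success, incident, results, handle):
    """Handle completion of 'block ip' and, on success, issue 'unblock ip'.

    The unblock request carries the same rule fields that get_config_cb
    passes to 'block ip', so it targets the entry that was just added.
    The target address and access-list are hard-coded; both actions act on
    the asset named "ciscoasa".

    Args:
        action: Supplied by the platform callback interface; unused here.
        success: Falsy when 'block ip' did not succeed.
        incident: Supplied by the platform callback interface; unused here.
        results: Supplied by the platform callback interface; unused here.
        handle: Supplied by the platform callback interface; unused here.
    """
    if not success:
        # Record why the chain stopped instead of ending without a trace.
        phantom.debug("block ip failed on asset 'ciscoasa'; skipping unblock ip")
        return

    rule = {
        "dest": "10.10.10.2",
        "access-list": "inside_access_in",
        "direction": "in",
        "interface": "inside",
        "src": "any",
    }
    phantom.act('unblock ip', parameters=[rule], assets=["ciscoasa"],
                callback=unblock_ip_cb)
    return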
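def get_config_cb(action, success, incident, results, handle):
    """Handle completion of 'get config' and, on success, issue 'block ip'.

    The block request is hard-coded: traffic from any source to 10.10.10.2,
    inbound on the "inside" interface, in access-list "inside_access_in".
    It is sent to the asset named "ciscoasa"; block_ip_cb follows up with
    the matching 'unblock ip'.

    Args:
        action: Supplied by the platform callback interface; unused here.
        success: Falsy when 'get config' did not succeed.
        incident: Supplied by the platform callback interface; unused here.
        results: Supplied by the platform callback interface; unused here.
        handle: Supplied by the platform callback interface; unused here.
    """
    if not success:
        # Record why the chain stopped instead of ending without a trace.
        phantom.debug("get config failed on asset 'ciscoasa'; skipping block ip")
        return

    rule = {
        "src": "any",
        "direction": "in",
        "dest": "10.10.10.2",
        "access-list": "inside_access_in",
        "interface": "inside",
    }
    phantom.act('block ip', parameters=[rule], assets=["ciscoasa"],
                callback=block_ip_cb)
    return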
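def get_version_cb(action, success, incident, results, handle):
    """Handle completion of 'get version' and, on success, issue 'get config'.

    'get config' is sent with an empty parameter dict to the asset named
    "ciscoasa"; get_config_cb receives its result.

    Args:
        action: Supplied by the platform callback interface; unused here.
        success: Falsy when 'get version' did not succeed.
        incident: Supplied by the platform callback interface; unused here.
        results: Supplied by the platform callback interface; unused here.
        handle: Supplied by the platform callback interface; unused here.
    """
    if not success:
        # Record why the chain stopped instead of ending without a trace.
        phantom.debug("get version failed on asset 'ciscoasa'; skipping get config")
        return

    phantom.act('get config', parameters=[{}], assets=["ciscoasa"],
                callback=get_config_cb)
    return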
def on_start(incident):
    """Start the action chain by requesting 'get version' from "ciscoasa".

    Each later action is issued from the callback of the one before it:
    get version -> get config -> block ip -> unblock ip.

    Args:
        incident: Passed in by the caller; not read by this function.
    """
    empty_params = [{}]
    target_assets = ["ciscoasa"]
    phantom.act('get version', parameters=empty_params, assets=target_assets,
                callback=get_version_cb)
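def on_finish(incident, summary):
    """Write the run summary to the debug log.

    Args:
        incident: Passed in by the caller; not read by this function.
        summary: Value to log. NOTE(review): its type is not visible in this
            file, so the message is built with %-formatting, which accepts
            any value; string concatenation raised TypeError for non-strings.
    """
    # One-element tuple so a tuple-valued summary is formatted as a single value.
    phantom.debug("Summary: %s" % (summary,))
    return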