Cisco Secure APIs

Number of APIs: 32

The main goal of this collection is to help the developer understand the various API capabilities of Cisco NGFW, Advanced Malware Protection, Threat Grid, ISE and Umbrella. It covers useful API features for each of the products and how to use them properly. A simple workflow is also included in the collection: collect all the characteristics/signatures behind the possible attack using AMP; validate the collected intelligence with Threat Grid and Umbrella; deploy the intelligence to the NGFW, Umbrella and ISE to protect and contain the threat.

  1. API Workflow - 1.) Find all events where Malware Executed GET https://{{amp4e_client_id}}:{{amp4e_api_key}}@{{amp4e_host}}/v1/events?connector_guid[]={{amp4e_computer}}&event_type[]=1107296272

  2. API Workflow - 2.) Find Endpoint Details for Remediation GET https://{{amp4e_client_id}}:{{amp4e_api_key}}@{{amp4e_host}}/v1/computers

  3. API Workflow - 4.) Find samples in Threat Grid GET https://{{threatgrid_host}}/api/v2/samples/search?checksum_sample={{threatgrid_sha}}&api_key={{threatgrid_key}}

  4. API Workflow - 5.) Get all sample domains to analyze GET https://{{threatgrid_host}}/api/v2/samples/feeds/domains?sample={{threatgrid_sample_id}}&after=2017-02-01&api_key={{threatgrid_key}}

  5. NGFW - Add custom intelligence feed POST https://{{fmc_hostname}}/api/fmc_tid/v1/domain/{{fmc_domain}}/tid/source

  6. API Workflow - 6.) Check all domains against Investigate POST https://investigate.api.umbrella.com/domains/categorization/

  7. API Workflow - 8.) Enforce on bad Domains in Umbrella POST https://{{umbrella_host}}/1.0/events?customerKey={{umbrella_key}}

  8. API Workflow - 9.) Research other Ransomware Domains to protect GET https://{{threatgrid_host}}/api/v3/feeds/ransomware-dns_2017-12-08.stix?api_key={{threatgrid_key}}

  9. API Workflow - Generate Authentication Token Copy POST https://{{fmc_hostname}}/api/fmc_platform/v1/auth/generatetoken

  10. API Workflow - 10.) Add custom intelligence Feed into FMC POST https://{{fmc_hostname}}/api/fmc_tid/v1/domain/{{fmc_domain}}/tid/source