The main purpose of this project is to keep the SOC team informed when a computer has a problem with its AMP connector. It was designed with servers in mind: servers generally run 24/7, so the anti-malware solution on them should never stop running, and a connector that is outdated or no longer checking in is a gap the SOC should hear about.
- Technology stack: Python, Cisco AMP, Cisco SecureX.
- Status: 1.0
- Screenshot: None
This automation workflow gathers information from Cisco AMP and audits the server devices, checking whether any of them has an outdated connector or a connector that is not running. It runs every morning, and if it finds a problem it sends a message to Webex Teams.
Get the workflow JSON file:
git clone https://github.com/vagner-instructor/public
The workflow lives in the CISCO/SECURITY/SXO folder of that repository (the exact version this README refers to: https://github.com/vagner-instructor/public/tree/b53627d92ac84543867af4bba436c3cab5b68668/CISCO/SECURITY/SXO).
Then go to your SecureX and import the content of the following JSON file as a new workflow:
Vagner-Pb0001-Sxo-Amp-Outdated-Webex.json
You'll need:
- Cisco AMP API credentials (client ID and API key)
- Webex Teams bot API token
- Cisco AMP group GUID of the group your servers belong to
You can edit the message sent to the SOC; the one shipped with the workflow is a generic message.
Import steps:
- Open Cisco SecureX and go to Automate.
- Choose Import as Workflow and paste the content of Vagner-Pb0001-Sxo-Amp-Outdated-Webex.json.
- Select Import as a Clone.
- Edit the variables you are asked for, entering the Cisco AMP API credentials, the Webex bot API token and the Cisco AMP group GUID.
Treat these three values as secrets: enter them only in the workflow variables, never in the README or in files committed to the repository.
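The check the workflow performs, written out as plain Python so the logic is visible. This is an added example, not the project's code (the project ships a SecureX orchestration workflow, not a script). The record fields follow the Cisco AMP for Endpoints /v1/computers response (hostname, active, connector_version, last_seen); the sample records, the 12-hour "not checking in" threshold and the environment variable names are assumptions made for the example. It also shows the sensitive-data advice at the end of this README in practice: the three secrets are read from the environment and never appear in source.

```python
"""Audit AMP connectors on servers: outdated version or not checking in.

Constructed example. In the real workflow the records come from
GET https://api.amp.cisco.com/v1/computers?group_guid[]=<group guid>
(HTTP basic auth with the AMP client ID and API key); no request is made here.
"""
import os
from datetime import datetime, timedelta, timezone

# A server whose connector has not reported for this long is treated as
# "not running". Assumption for the example: tune it to your check-in interval.
STALE_AFTER = timedelta(hours=12)


def parse_version(version):
    """'7.3.5.20701' -> (7, 3, 5, 20701); non-numeric parts sort lowest."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def parse_last_seen(value):
    """AMP reports last_seen as ISO-8601 UTC, e.g. '2021-05-03T08:00:00Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_computers(computers, latest_version, now, stale_after=STALE_AFTER):
    """Return (outdated, not_running): two lists of hostnames."""
    latest = parse_version(latest_version)
    outdated, not_running = [], []
    for computer in computers:
        if parse_version(computer["connector_version"]) < latest:
            outdated.append(computer["hostname"])
        last_seen = parse_last_seen(computer["last_seen"])
        # "active" false means AMP itself flags the connector as inactive;
        # a stale last_seen catches a server that is down or has the service stopped.
        if not computer.get("active", True) or now - last_seen > stale_after:
            not_running.append(computer["hostname"])
    return outdated, not_running


def build_message(outdated, not_running, latest_version):
    """Text for the Webex Teams message, or None when there is nothing to report."""
    if not outdated and not not_running:
        return None
    lines = ["AMP connector audit (servers group):"]
    if outdated:
        lines.append(f"- outdated connector (latest is {latest_version}): "
                     + ", ".join(sorted(outdated)))
    if not_running:
        lines.append("- connector inactive or not checking in: "
                     + ", ".join(sorted(not_running)))
    return "\n".join(lines)


def load_settings(env=os.environ):
    """Read the secrets from the environment, failing early if one is missing.

    Variable names are an assumption for the example; nothing is hard-coded.
    """
    required = ("AMP_CLIENT_ID", "AMP_API_KEY", "WEBEX_BOT_TOKEN", "AMP_GROUP_GUID")
    missing = [name for name in required if not env.get(name)]
    if missing:
        raise SystemExit("missing settings: " + ", ".join(missing))
    return {name: env[name] for name in required}


# Constructed sample records; GUIDs and hostnames are made up.
SAMPLE_COMPUTERS = [
    {"connector_guid": "11111111-2222-3333-4444-555555555555", "hostname": "srv-web-01",
     "active": True, "connector_version": "7.3.5.20701", "last_seen": "2021-05-03T08:00:00Z"},
    {"connector_guid": "11111111-2222-3333-4444-666666666666", "hostname": "srv-db-01",
     "active": True, "connector_version": "6.3.7.10921", "last_seen": "2021-05-03T07:55:00Z"},
    {"connector_guid": "11111111-2222-3333-4444-777777777777", "hostname": "srv-file-01",
     "active": True, "connector_version": "7.3.5.20701", "last_seen": "2021-05-01T02:10:00Z"},
    {"connector_guid": "11111111-2222-3333-4444-888888888888", "hostname": "srv-old-01",
     "active": False, "connector_version": "7.3.5.20701", "last_seen": "2021-05-03T08:00:00Z"},
]
NOW = datetime(2021, 5, 3, 8, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    outdated, not_running = audit_computers(SAMPLE_COMPUTERS, "7.3.5.20701", NOW)
    print(build_message(outdated, not_running, "7.3.5.20701") or "all servers healthy")
```

With the sample data, srv-db-01 is reported as outdated, srv-file-01 as not checking in (last seen two days ago) and srv-old-01 as inactive; srv-web-01 is healthy and is left out of the message, so a quiet morning produces no Webex post at all.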
Related DevNet Sandbox: None
If you're searching for help, please e-mail me [email protected]
Notes from the Code Exchange guidelines that apply to this repo:
- Manage sensitive data in scripts: store passwords, API keys and other secrets in a file such as env.py that is not committed, or pass them as arguments or environment variables. In Python, ConfigParser keeps settings out of the source, but it does not encrypt anything; treat the config file itself as a secret.
- State in the Installation section how to run the script on Windows, macOS and Linux.
- Print usage when the script is run without input (support the -h and --help flags).
- Catch errors and print useful information in the console and interface.
- Add error handling for missing parameters or parameters in the wrong format.
- Link to resources where users can test the code, for example DevNet sandboxes (always-on or reservable): https://devnetsandbox.cisco.com/RM/Topology.
- Link to the software and libraries needed to run the code and how to install them (for example the Python or Node installer).
- Add a NOTICE file with the copyright if you use the GPLv3 or Apache 2.0 license.
- Dockerize the app, or part of it (server/client).
- Start Readme.md with a hash symbol and the full use case name so the README has a useful title: write "# Devicebanner, updates the banner motd on a network device" rather than just "devicebanner".
- If the repo contains a Cisco SecureX orchestration workflow, check that the workflow or atomic action conforms to the SecureX best practices using the tool linked from the Code Exchange guidelines.
- Use OpenSSF Scorecard as an easy way to judge whether the dependencies of an open source project are safe.
Things to avoid:
- Low quality screenshots.
- Requiring users to rename files such as variables_template.py.
- Requiring users to put credentials in source files.
- Leaving unstated in which format users must enter an API endpoint or server IP. For example, code such as api_endpoint = "https://" + IP + "/" needs the IP only, with no protocol and no trailing slash; say so in the README.