Skip to main content

We have started to do some testing with FN. In our AWS network, we are using Cisco Firepower Threat Defense (FTD) devices managed by Firepower Management Console (FMC). FN is able to connect to an FTD and retrieve device details but does not support retrieval from FMC.

In our network, for complicated routing reasons, we can’t easily enable FN to connect to our FTD instances. I can, however, provide a URL that will retrieve all the information from FMC. I would like to configure an “HTTP(S) external source” to provide that info. What I cannot figure out, however, is the required format for the data to that is returned by the URL GET. The document just states that FN will “infer” the schema. In my case, there’s no inference needed. I am writing the code that will return the info. I can format the data however FN needs it.

For those who care about the details, the implementation is an AWS Lambda function that connects to the FMC REST API and returns the info. An AWS API gateway provides the URL.

The external sources format can be CSV, JSON, or just plain text.  The inference it mentions is whatever the content-type is set to - either application/json or text/csv

 

If it is structured data, NQE will nest that to whatever your data model is set to.  Plain text is parseable as its own key in NQE.

 

Also, as a lambda function - if you are collecting from AWS that is indexed in Forward as an inventory/searchable function.

 

Let me know if that helps - thanks!

Reply


Badge winners

Show all badges
Terms of UseCookie settings