rapid7 · mrinehart-r7 · Nov 2, 2021 · Aug 29, 2021 · Sep 3, 2021 · Sep 3, 2021
@@ -1,12 +1,16 @@
 {
-	"spec": "f42e20a913cfe638a9c2793035fa079e",
-	"manifest": "6ab898bbdce4d40bf420002e5162b9ac",
-	"setup": "eca16a8087075a1120ff61fa5f217c5e",
+	"spec": "64fb87c7d1f66aefd4e7f7614a19f9af",
+	"manifest": "e2419ec1df006ce82cf0909b1bb65bff",
+	"setup": "48492ed5afb320410fc6d17a1ca24f07",
 	"schemas": [
 		{
 			"identifier": "add_address_to_group/schema.py",
 			"hash": "28866c00bc5f8c943458f0b6c5176647"
 		},
+		{
+			"identifier": "block_host/schema.py",
+			"hash": "74aeff1b3af9a4b757210a741b75bb29"
+		},
 		{
 			"identifier": "check_if_address_object_in_group/schema.py",
 			"hash": "6ab78079cdba4b3af229361568ba0a1a"
@@ -19,6 +23,10 @@
 			"identifier": "delete_address_object/schema.py",
 			"hash": "379b6330742e8b45c24a532b2d03253c"
 		},
+		{
+			"identifier": "get_blocked_hosts/schema.py",
+			"hash": "2a0caee8d3b1264280da82fceb3d0bba"
+		},
 		{
 			"identifier": "remove_address_from_group/schema.py",
 			"hash": "fa9a4bbca8b9b526d23c7f0e02727360"

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Cisco Adaptive Security Appliance"
 Vendor = "rapid7"
-Version = "1.4.2"
+Version = "1.5.0"
 Description = "The Cisco ASA plugin allows you to automate the management of network objects"
 
 
@@ -36,12 +36,16 @@ def main():
             )
             self.add_action(actions.AddAddressToGroup())
 
+            self.add_action(actions.BlockHost())
+
             self.add_action(actions.CheckIfAddressObjectInGroup())
 
             self.add_action(actions.CreateAddressObject())
 
             self.add_action(actions.DeleteAddressObject())
 
+            self.add_action(actions.GetBlockedHosts())
+
             self.add_action(actions.RemoveAddressFromGroup())
 
 

@@ -6,12 +6,18 @@
 
 * Determine if a host is blocked by checking if it's found in an address group applied to a firewall rule
 * Block and unblock hosts from the firewall through object management
+* Block and unblock hosts with the shun command
+* Check which hosts are blocked with the shun command
 
 # Requirements
 
 * Username and Password for an ASA account with the appropriate privilege level for the action
 * Cisco ASA server with the [REST API server enabled](https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html)
 
+# Supported Product Versions
+
+* 9.13(1)
+
 # Documentation
 
 ## Setup
@@ -52,6 +58,78 @@ Example input:
 
 ### Actions
 
+#### Block Host
+
+This action is used to block hosts by IP address using the shun command.
+
+##### Input
+
+|Name|Type|Default|Required|Description|Enum|Example|
+|----|----|-------|--------|-----------|----|-------|
+|destination_ip|string|None|False|Destination IP address|None|198.51.100.100|
+|destination_port|integer|None|False|Destination port|None|443|
+|protocol|string|None|False|IP protocol, for example TCP or UDP|None|TCP|
+|shun|boolean|True|True|True to block a host or false to unblock a host using the shun command|None|True|
+|source_ip|string|None|True|Source IP address you want to block or unblock|None|198.51.100.100|
+|source_port|integer|None|False|Source port|None|443|
+
+Example input:
+
+```
+{
+  "destination_ip": "198.51.100.100",
+  "destination_port": 443,
+  "protocol": "TCP",
+  "shun": true,
+  "source_ip": "198.51.100.100",
+  "source_port": 443
+}
+```
+
+##### Output
+
+|Name|Type|Required|Description|
+|----|----|--------|-----------|
+|success|boolean|True|Whether the block or unblock action was successful|
+
+Example output:
+
+```
+{
+  "success": true
+}
+```
+
+#### Get Blocked Hosts
+
+This action is used to get blocked hosts.
+
+##### Input
+
+_This action does not contain any inputs._
+
+##### Output
+
+|Name|Type|Required|Description|
+|----|----|--------|-----------|
+|hosts|[]hosts|True|List of hosts blocked with shun command|
+
+Example output:
+
+```
+{
+  "hosts": [
+    {
+      "source_ip": "10.1.1.27",
+      "dest_ip": "10.2.2.89",
+      "source_port": "444",
+      "dest_port": "555",
+      "protocol": "6"
+    }
+  ]
+}
+```
+
 #### Create Address Object
 
 This action is used to create Address Object by the Object IP address.
@@ -254,23 +332,34 @@ _This plugin does not contain any triggers._
 |----|----|--------|-----------|
 |Host|host|False|Host|
 |Kind|string|False|Kind|
-|Name|string|False|Name|
+|Object Name|string|False|The name of the object|
 |Object ID|string|False|Object ID|
 |Self Link|string|False|Self link|
 
 #### host
 
 |Name|Type|Required|Description|
 |----|----|--------|-----------|
-|Kind|string|False|Kind|
-|Value|string|False|Value|
+|Kind|string|False|Kind is the type of object e.g. IPv4Address, IPv4FQDN, etc.|
+|Value|string|False|The value of the object. This will be the actual IPv4, IPv6, FQDN, etc. address the object refers to.|
+
+#### hosts
+
+|Name|Type|Required|Description|
+|----|----|--------|-----------|
+|Destination IP|string|False|Destination IP address|
+|Destination Port|string|False|Destination port|
+|Protocol|string|False|Protocol|
+|Source IP|string|False|Source IP address|
+|Source Port|string|False|Source port|
 
 ## Troubleshooting
 
 _This plugin does not contain any troubleshooting information._
 
 # Version History
 
+* 1.5.0 - Add new actions Get Blocked Hosts and Block Host
 * 1.4.2 - Add `docs_url` in plugin spec | Update `source_url` in plugin spec
 * 1.4.1 - Fix None check in actions Add Address to Group and Create Address Object
 * 1.4.0 - Add new action Create Address Object

@@ -1,6 +1,8 @@
 # GENERATED BY KOMAND SDK - DO NOT EDIT
 from .add_address_to_group.action import AddAddressToGroup
+from .block_host.action import BlockHost
 from .check_if_address_object_in_group.action import CheckIfAddressObjectInGroup
 from .create_address_object.action import CreateAddressObject
 from .delete_address_object.action import DeleteAddressObject
+from .get_blocked_hosts.action import GetBlockedHosts
 from .remove_address_from_group.action import RemoveAddressFromGroup
@@ -0,0 +1,2 @@
+# GENERATED BY KOMAND SDK - DO NOT EDIT
+from .action import BlockHost
@@ -0,0 +1,23 @@
+import insightconnect_plugin_runtime
+from .schema import BlockHostInput, BlockHostOutput, Input, Output, Component
+
+# Custom imports below
+
+
+class BlockHost(insightconnect_plugin_runtime.Action):
+    def __init__(self):
+        super(self.__class__, self).__init__(
+            name="block_host", description=Component.DESCRIPTION, input=BlockHostInput(), output=BlockHostOutput()
+        )
+
+    def run(self, params={}):
+        return {
+            Output.SUCCESS: self.connection.cisco_asa_api.block_host(
+                params.get(Input.SHUN),
+                params.get(Input.SOURCE_IP),
+                params.get(Input.DESTINATION_IP),
+                params.get(Input.SOURCE_PORT),
+                params.get(Input.DESTINATION_PORT),
+                params.get(Input.PROTOCOL),
+            )
+        }
@@ -0,0 +1,98 @@
+# GENERATED BY KOMAND SDK - DO NOT EDIT
+import insightconnect_plugin_runtime
+import json
+
+
+class Component:
+    DESCRIPTION = "Block hosts by IP address(IPv4) using the shun command"
+
+
+class Input:
+    DESTINATION_IP = "destination_ip"
+    DESTINATION_PORT = "destination_port"
+    PROTOCOL = "protocol"
+    SHUN = "shun"
+    SOURCE_IP = "source_ip"
+    SOURCE_PORT = "source_port"
+
+
+class Output:
+    SUCCESS = "success"
+
+
+class BlockHostInput(insightconnect_plugin_runtime.Input):
+    schema = json.loads("""
+   {
+  "type": "object",
+  "title": "Variables",
+  "properties": {
+    "destination_ip": {
+      "type": "string",
+      "title": "Destination IP",
+      "description": "Destination IP address",
+      "order": 3
+    },
+    "destination_port": {
+      "type": "integer",
+      "title": "Destination Port",
+      "description": "Destination port",
+      "order": 5
+    },
+    "protocol": {
+      "type": "string",
+      "title": "Protocol",
+      "description": "IP protocol, for example TCP or UDP",
+      "order": 6
+    },
+    "shun": {
+      "type": "boolean",
+      "title": "Shun",
+      "description": "True to block a host or false to unblock a host using the shun command",
+      "default": true,
+      "order": 1
+    },
+    "source_ip": {
+      "type": "string",
+      "title": "Source IP",
+      "description": "Source IP address you want to block or unblock",
+      "order": 2
+    },
+    "source_port": {
+      "type": "integer",
+      "title": "Source Port",
+      "description": "Source port",
+      "order": 4
+    }
+  },
+  "required": [
+    "shun",
+    "source_ip"
+  ]
+}
+    """)
+
+    def __init__(self):
+        super(self.__class__, self).__init__(self.schema)
+
+
+class BlockHostOutput(insightconnect_plugin_runtime.Output):
+    schema = json.loads("""
+   {
+  "type": "object",
+  "title": "Variables",
+  "properties": {
+    "success": {
+      "type": "boolean",
+      "title": "Success",
+      "description": "Whether the block or unblock action was successful",
+      "order": 1
+    }
+  },
+  "required": [
+    "success"
+  ]
+}
+    """)
+
+    def __init__(self):
+        super(self.__class__, self).__init__(self.schema)
@@ -0,0 +1,2 @@
+# GENERATED BY KOMAND SDK - DO NOT EDIT
+from .action import GetBlockedHosts
@@ -0,0 +1,17 @@
+import insightconnect_plugin_runtime
+from .schema import GetBlockedHostsInput, GetBlockedHostsOutput, Output, Component
+
+# Custom imports below
+
+
+class GetBlockedHosts(insightconnect_plugin_runtime.Action):
+    def __init__(self):
+        super(self.__class__, self).__init__(
+            name="get_blocked_hosts",
+            description=Component.DESCRIPTION,
+            input=GetBlockedHostsInput(),
+            output=GetBlockedHostsOutput(),
+        )
+
+    def run(self, params={}):  # pylint: disable=unused-argument
+        return {Output.HOSTS: self.connection.cisco_asa_api.get_blocked_hosts()}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# GENERATED BY KOMAND SDK - DO NOT EDIT
		from .action import BlockHost
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# GENERATED BY KOMAND SDK - DO NOT EDIT
		from .action import GetBlockedHosts