Cisco Secure Access API
the cisco secure access api enables organizations to manage network access and enforce security policies through automated workflows cisco secure access api provides robust security management capabilities, allowing organizations to automate domain security and manage destination lists effectively by integrating with swimlane turbine, users can streamline the creation, retrieval, and management of destination lists, enhancing their security posture this integration empowers security teams to automate threat intelligence processes, ensuring swift and accurate responses to potential threats, and reducing manual intervention prerequisites before you can use the cisco secure access api connector for turbine, you'll need access to the cisco secure access api this requires the following an api key authentication using the following parameters url the endpoint url for accessing the cisco secure access api api key a unique key provided by cisco to authenticate api requests configurations api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required customerkey api key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions create destination list create a destination list in your organization using cisco secure access api requires json body with access, name, and isglobal parameters endpoint url /destinationlists method post input argument name type required description bundletypeid number optional the type of destination list to create access string optional configure your access rules to block or allow certain destination lists name string optional the name of the destination list isglobal boolean optional specifies whether the destination list is a global destination list destinations array optional the list of destinations destinations destination string optional the destination to block or allow destinations type string optional the type of destination destinations comment string optional the comment about the destination input example {"json body" {"bundletypeid" 2,"access" "block","name" "threat intelligence blocklist","isglobal"\ false,"destinations" \[{"destination" "www internetbadguys com","type" "domain","comment" "known malicious domain"},{"destination" "http //malware example com/payload","type" "url","comment" "malware distribution url"},{"destination" "192 0 2 100","type" "ipv4","comment" "suspicious ip address"}]}} output parameter type description status code number http status code of the response reason string response reason phrase status object status value status code number status value status text string status value data object response data data id number response data data organizationid number response data data access string response data data isglobal boolean response data data name string response data data thirdpartycategoryid number response data data createdat number response data data modifiedat number response data data ismspdefault boolean response data data markedfordeletion boolean response data data bundletypeid number response data data meta object response data data meta destinationcount number response data data meta domaincount number response data data meta urlcount number response data data meta ipv4count number response data data meta ipv6count number response data data meta applicationcount number response data output example {"status code" 200,"reason" "ok","json body" {"status" {"code" 200,"text" "ok"},"data" {"id" 1234567,"organizationid" 2345678,"access" "none","isglobal"\ false,"name" "global allow list","thirdpartycategoryid" 0,"createdat" 1490206249,"modifiedat" 1520476127,"ismspdefault"\ false,"markedfordeletion"\ false,"bundletypeid" 2,"meta" {}}}} delete destination list remove a destination list from your organization in cisco secure access api using the specified destinationlistid endpoint url /destinationlists/{{destinationlistid}} method delete input argument name type required description path parameters destinationlistid number required the unique id of the destination list input example {"path parameters" {"destinationlistid" 245}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","json body" {}} delete domain delete a domain from the shared customer's domain list in cisco secure access api using the domain's name or id as a path parameter endpoint url /domains/{{name or id}} method delete input argument name type required description path parameters name or id string required parameters for the delete domain action input example {"path parameters" {"name or id" "test"}} get destination list retrieve a destination list from cisco secure access api using the specified destinationlistid as a path parameter endpoint url /destinationlists/{{destinationlistid}} method get input argument name type required description path parameters destinationlistid number required the unique id of the destination list input example {"path parameters" {"destinationlistid" 245}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","json body" {}} get destination lists get the destination lists in your organization using cisco secure access api endpoint url /destinationlists method get input argument name type required description parameters page number optional the page number to get parameters limit number optional the number of items to get per page input example {"parameters" {"page" 1,"limit" 10}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","json body" \[{"bundletypeid" 1,"createdat" 1576169250,"id" 12345,"modifiedat" 1576259640,"organizationid" 98765,"thirdpartycategoryid" 0,"access" "block","name" "blocked destinations","isglobal"\ false,"ismspdefault"\ false,"markedfordeletion"\ false,"meta" {}},{"bundletypeid" 2,"createdat" 1576186213,"id" 67890,"modifiedat" 1576186213,"organizationid" 98765,"thirdpartycategoryid" 0,"access" "allow","name" "allowed destinations","isglobal"\ false,"ismspdefault"\ false list domains gather the list of domains already added to the shared customer's domain list in cisco secure access api endpoint url domains method get output parameter type description status code number http status code of the response reason string response reason phrase meta object output field meta meta page number output field meta page meta limit number output field meta limit meta prev boolean output field meta prev meta next boolean output field meta next data array response data data id number response data data name string response data data lastseenat number response data output example {"status code" 200,"response headers" {"server" "nginx","date" "sun, 12 feb 2023 17 12 36 gmt","content type" "application/json","content length" "262","connection" "keep alive","strict transport security" "max age=15768000; includesubdomains","x frame options" "sameorigin","x xss protection" "1; mode=block","x content type options" "nosniff"},"reason" "ok","json body" {"meta" {"page" 1,"limit" 200,"prev"\ false,"next"\ false},"data" \[{},{},{}]}} list tenants retrieve a list of tenants within the organization using cisco secure access api requires organizationids as input endpoint url /tenants/lists method get input argument name type required description parameters organizationids string required a comma separated list of ids for the tenant organizations parameters optionalfields array optional optional fields to request additional data along with regular response parameters filters object optional filters that can be applied to the response by the system parameters filters organizationid number optional filter by the id of the tenant parameters filters organizationname string optional filter by the name of the tenant parameters sort object optional the properties to sort the collection parameters sort order\[organizationid] string optional the order to use when sorting the id of the tenants parameters sort order\[organizationname] string optional the order to use when sorting the name of the tenants input example {"parameters" {"organizationids" "1234567,2345678,3123456,4234567","optionalfields" \["name","email","phone","address","city","state"],"filters" {"organizationid" 1234567,"organizationname" "acme corporation"},"sort" {"order\[organizationid]" "asc","order\[organizationname]" "desc"}}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","json body" \[{"organizationid" 1234567,"organizationname" "tenant one"}]} post domain post a malicious event to cisco secure access api for processing and optional addition to domain lists requires providername, protocolversion, alerttime, deviceid, deviceversion, dstdomain, dsturl, eventtime, and disabledstsafeguards endpoint url /events method post input argument name type required description providername string optional unique identifier protocolversion string optional parameter for post domain alerttime string optional time value deviceid string optional unique identifier deviceversion string optional parameter for post domain dstdomain string optional parameter for post domain dsturl string optional url endpoint for the request eventtime string optional time value disabledstsafeguards string optional parameter for post domain dstip string optional parameter for post domain eventdescription string optional parameter for post domain eventhash string optional parameter for post domain eventseverity string optional parameter for post domain eventtype string optional type of the resource externalurl string optional url endpoint for the request filehash string optional parameter for post domain filename string optional name of the resource src string optional parameter for post domain input example {"json body" {"providername" "provider name","protocolversion" "1","alerttime" "2013 02 08t09 30 26 0z","deviceid" "ba6a59f4 e692 4724 ba36 c28132c761de","deviceversion" "13 7a","dstdomain" "www internetbadguys com","dsturl" "http //internetbadguys com/security?foo=there%20are%20spaces%20here","eventtime" "2013 02 08t09 30 26 0z","disabledstsafeguards" "","dstip" "8 8 8 8","eventdescription" "win32/crilock a","eventhash" "d41d8cd98f00b204e9800998ecf8427e","eventseverity" "high","eventtype" "cryptolocker","externalurl" "http //groogle com/malware html","filehash" "da39a3ee5e6b4b0d3255bfef95601890afd80709","filename" "%appdata%roamingmicrosoftwindowstemplatesrandom exe","src" "192 168 100 101"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier output example {"status code" 202,"response headers" {"server" "nginx","date" "sun, 12 feb 2023 17 31 16 gmt","content type" "application/json","content length" "45","connection" "keep alive","strict transport security" "max age=15768000; includesubdomains"},"reason" "accepted","json body" {"id" "7108b501,4656,4378,90b2 d9712d347b09"}} update destination list update the name of a destination list in your organization using cisco secure access api requires destinationlistid as path parameter and name in json body endpoint url /destinationlists/{{destinationlistid}} method patch input argument name type required description path parameters destinationlistid number required the unique id of the destination list name string optional the name of the destination list input example {"json body" {"name" "global allow list"},"path parameters" {"destinationlistid" 245}} output parameter type description status code number http status code of the response reason string response reason phrase id number unique identifier organizationid number unique identifier access string output field access isglobal boolean output field isglobal name string name of the resource thirdpartycategoryid number unique identifier createdat number output field createdat modifiedat number output field modifiedat ismspdefault boolean output field ismspdefault markedfordeletion boolean output field markedfordeletion bundletypeid number unique identifier meta object output field meta meta destinationcount number count value output example {"status code" 200,"reason" "ok","json body" {"id" 2477857,"organizationid" 22429759,"access" "none","isglobal"\ false,"name" "new name of destination list","thirdpartycategoryid" 0,"createdat" 1532628019,"modifiedat" 1532628019,"ismspdefault"\ false,"markedfordeletion"\ false,"bundletypeid" 2,"meta" {"destinationcount" 1}}} response headers header description example connection http response header connection keep alive content length the length of the response body in bytes 262 content type the media type of the resource application/json date the date and time at which the message was originated sun, 12 feb 2023 17 31 16 gmt server information about the software used by the origin server nginx strict transport security http response header strict transport security max age=15768000; includesubdomains x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin x xss protection http response header x xss protection 1; mode=block