Python api client for firepower management center
Project description
FireREST
FireREST is a python library to interface with Cisco Firepower Management Center REST API.
Features
- Authentication and automatic session refresh / re-authentication
- Rate-limit detection and automatic backoff and retry behavior
- Automatic squashing of paginated api payloads
- Sanitization of api payloads for create and update operations
- Detailed logging of api calls
- API specific error handling using various custom exceptions
- Support for resource lookup by name instead of uuid for all CRUD operations
Requirements
- Python >= 3.7
Quickstart
Installation
pip install fireREST
Import api client
from fireREST import FMC
Authentication
FireREST uses basic authentication. In case your authentication token times out, the api client will automatically refresh the session and retry a failed operation. In case all 3 refresh tokens have been the connection object will try to re-authenticate again automatically.
fmc = FMC(hostname='fmc.example.com', username='firerest', password='Cisco123', domain='Global')
NOTE: By default
Globalis used as domain
Objects
Create network object
net_obj = {
'name': 'NetObjViaAPI',
'value': '198.18.1.0/24',
}
response = fmc.object.network.create(data=net_obj)
NOTE: In case a resource supports the
bulkoptionFireRESTwill automatically appendbulk=Trueto params if thedataprovided is of typelistand notdict
Get all network objects
net_objects = fmc.object.network.get()
Get specific network object
net_objects = fmc.object.network.get(name='NetObjViaAPI')
NOTE: You can access resource either by
nameoruuid. If a name is specified FireREST will use a filter if supported by the api resource of iterate through all existing resources to find a match
Update network object
net_obj = fmc.object.network.get(name='NetObjViaAPI')
net_obj['name'] = 'RenamedNetObjViaAPI'
response = fmc.object.network.update(data=net_obj)
NOTE: FireREST automatically extracts the
idfield of the provided datadictto update the correct resource
Delete network object
response = fmc.object.network.delete(name='NetObjViaAPI')
Supported operations
Since FireREST does not try to provide a python object model nearly all api calls up to version 6.7.0 are available which includes but is not limited to the following CRUD operations:
├── assignment
│ ├── policyassignment
├── audit
│ ├── auditrecord
├── deployment
│ ├── deployabledevice
│ │ ├── deployment
│ │ ├── pendingchanges
│ ├── deploymentrequest
│ ├── jobhistory
│ └── rollbackrequest
├── device
│ ├── devicerecord
│ │ ├── bridgegroupinterface
│ │ ├── etherchannelinterface
│ │ ├── fpinterfacestatistics
│ │ ├── fplogicalinterface
│ │ ├── fpphysicalinterface
│ │ ├── inlineset
│ │ ├── interfaceevent
│ │ ├── operational
│ │ │ ├── command
│ │ │ ├── metric
│ │ ├── physicalinterface
│ │ ├── redundantinterface
│ │ ├── routing
│ │ │ ├── bgp
│ │ │ ├── bgpgeneralsettings
│ │ │ ├── ipv4staticroute
│ │ │ ├── ipv6staticroute
│ │ │ ├── ospfinterface
│ │ │ ├── ospfv2route
│ │ │ ├── ospfv3interface
│ │ │ ├── staticroute
│ │ │ └── virtualrouter
│ │ ├── subinterface
│ │ ├── virtualswitch
│ │ ├── virtualtunnelinterface
│ │ └── vlaninterface
├── devicecluster
│ ├── ftddevicecluster
├── devicegroup
│ ├── devicegrouprecord
├── devicehapair
│ ├── ftddevicehapair
│ │ ├── failoverinterfacemacaddressconfig
│ │ ├── monitoredinterface
├── health
│ ├── alert
│ ├── metric
├── integration
│ ├── cloudeventsconfig
│ ├── cloudregion
│ ├── externallookup
│ ├── externalstorage
├── intelligence
│ ├── taxiiconfig
│ │ ├── collection
│ │ ├── discoveryinfo
│ └── tid
│ ├── element
│ ├── incident
│ ├── indicator
│ ├── observable
│ ├── setting
│ └── source
├── job
│ └── taskstatus
├── object
│ ├── anyprotocolportobject
│ ├── application
│ ├── applicationcategory
│ ├── applicationfilter
│ ├── applicationproductivities
│ ├── applicationrisk
│ ├── applicationtag
│ ├── applicationtype
│ ├── aspathlist
│ ├── certenrollment
│ ├── communitylist
│ ├── continent
│ ├── country
│ ├── dnsservergroup
│ ├── endpointdevicetype
│ ├── expandedcommunitylist
│ ├── extendedaccesslist
│ ├── fqdn
│ ├── geolocation
│ ├── globaltimezone
│ ├── host
│ ├── icmpv4object
│ ├── icmpv6object
│ ├── ikev1ipsecproposal
│ ├── ikev1policy
│ ├── ikev2ipsecproposal
│ ├── ikev2policy
│ ├── interface
│ ├── interfacegroup
│ ├── ipv4prefixlist
│ ├── ipv6prefixlist
│ ├── isesecuritygrouptag
│ ├── keychain
│ ├── network
│ ├── networkaddress
│ ├── networkgroup
│ ├── policylist
│ ├── port
│ ├── portobjectgroup
│ ├── protocolportobject
│ ├── range
│ ├── realmuser
│ ├── realmusergroup
│ ├── routemap
│ ├── securitygrouptag
│ ├── securityzone
│ ├── siurlfeed
│ ├── siurllist
│ ├── slamonitor
│ ├── standardaccesslist
│ ├── standardcommunitylist
│ ├── timerange
│ ├── timezone
│ ├── tunneltag
│ ├── url
│ ├── urlcategory
│ ├── urlgroup
│ ├── variableset
│ ├── vlangrouptag
│ └── vlantag
├── policy
│ ├── accesspolicy
│ │ ├── accessrule
│ │ ├── category
│ │ ├── defaultaction
│ │ ├── inheritancesettings
│ │ ├── loggingsettings
│ │ ├── operational
│ │ │ ├── hitcounts
│ ├── filepolicy
│ ├── ftdnatpolicy
│ │ ├── autonatrule
│ │ ├── manualnatrule
│ │ ├── natrule
│ ├── ftds2svpn
│ │ ├── advancedsettings
│ │ ├── endpoint
│ │ ├── ikesettings
│ │ ├── ipsecsettings
│ ├── intrusionpolicy
│ │ ├── intrusionrule
│ ├── prefilterpolicy
│ │ ├── defaultaction
│ │ ├── operational
│ │ │ ├── hitcounts
│ │ ├── prefilterrule
│ ├── snmpalert
│ └── syslogalert
├── system
│ ├── info
│ │ ├── domain
│ │ └── serverversion
├── update
│ └── upgradepackage
│ ├── applicabledevice
└── user
├── authrole
└── ssoconfig
Authors
Oliver Kaiser (oliver.kaiser@outlook.com)
License
GNU General Public License v3.0 or later.
See LICENSE for the full text.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
