-
Notifications
You must be signed in to change notification settings - Fork 0
/
test.json
109 lines (106 loc) · 3.81 KB
/
test.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
{
"type": "playbook",
"spec_version": "cacao-2.0",
"id": "playbook--300f5c47-c53a-4bff-b6d1-dd9a6062a0bf",
"name": "Add block rule in OPNsense",
"description": "This playbook will add a block rule in OPNsense",
"created_by": "identity--69531c15-ce04-4076-856f-088e55acca3d",
"created": "2024-09-10T09:46:45.179Z",
"modified": "2024-09-10T09:46:45.179Z",
"revoked": false,
"playbook_variables": {
"__affected_agent_ip__": {
"type": "ip",
"constant": true,
"external": true
},
"__target_net__": {
"type": "string",
"constant": true,
"external": true,
"value": "any"
},
"__opnsense_user__": {
"type": "string",
"constant": true,
"external": true
},
"__opnsense_key__": {
"type": "string",
"constant": true,
"external": true
}
},
"workflow_start": "start--8e717805-03ec-4b8d-a969-7382370d2a39",
"workflow": {
"start--8e717805-03ec-4b8d-a969-7382370d2a39": {
"on_completion": "action--e70f3678-40ca-4ad0-b49f-b7e5038f0a52",
"type": "start"
},
"action--e70f3678-40ca-4ad0-b49f-b7e5038f0a52": {
"name": "Reconfigure Opnsense firewall",
"description": "This action will set the following firewall rule in Opnsense for IPv4 (host): ",
"on_completion": "end--4f5df533-d652-4e9e-afbf-aaaf5e4c8c8f",
"type": "action",
"commands": [
{
"type": "http-api",
"description": "HTTP call to Opnsense API addRule:\n/api/firewall/npt/addRule\n",
"command": "POST /api/firewall/filter/addRule HTTP/1.1",
"content": "{\"rule\":{\"description\":\"OPNsense SOARCA Rule\",\"source_net\":\"__affected_agent_ip__:value\",\"protocol\":\"any\",\"destination_net\":\"__target_net__:value\",\"action\":\"block\",\"interface\":\"lan\"}}",
"headers": {
"Content-type": [
"application/json"
]
}
},
{
"type": "http-api",
"description": "Apply the filter rule in OPNsense",
"command": "POST /api/firewall/filter/apply HTTP/1.1",
"content": "{}",
"headers": {
"Content-type": [
"application/json"
]
}
}
],
"agent": "soarca--a2a14ae9-b38f-4f54-b1b5-96dac9c4ea7e",
"targets": [
"http-api--1e710df2-ce4e-4c5b-ba04-6c9ac5e5c4bd"
]
},
"end--4f5df533-d652-4e9e-afbf-aaaf5e4c8c8f": {
"type": "end"
}
},
"authentication_info_definitions": {
"http-basic--6b8bd23f-b168-47d4-a84c-7309d25c3de3": {
"type": "http-basic",
"name": "OPNsense key",
"user_id": "__opnsense_user__:value",
"password": "__opnsense_key__:value",
"kms": false
}
},
"agent_definitions": {
"soarca--a2a14ae9-b38f-4f54-b1b5-96dac9c4ea7e": {
"type": "soarca",
"name": "soarca-http-api"
}
},
"target_definitions": {
"http-api--1e710df2-ce4e-4c5b-ba04-6c9ac5e5c4bd": {
"type": "http-api",
"name": "Opnsense demo firewall",
"address": {
"ipv4": [
"192.168.1.1"
]
},
"authentication_info": "http-basic--6b8bd23f-b168-47d4-a84c-7309d25c3de3",
"port": "443"
}
}
}