chetanph / fmc-remediation-module-xdr

Cisco FMC Remediation Module for Cisco XDR automation workflow

Error: FileNotFoundError: [Errno 2] No such file or directory: 'instance.conf' when running FMC 7.4|7.6 #8

Open vagner-instructor opened 6 days ago

vagner-instructor commented 6 days ago

When running on versions 7.6 or 7.4.1, the following error is shown:

FMC 7.4:

  File "/var/sf/remediations/TriggerXDRWorkflow_1.0/./trigger_workflow.py", line 12, in <module>
    tree = ET.parse("instance.conf")
  File "/usr/lib64/python3.9/xml/etree/ElementTree.py", line 1229, in parse
    tree.parse(source, parser)
  File "/usr/lib64/python3.9/xml/etree/ElementTree.py", line 569, in parse
    source = open(source, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'instance.conf'

FMC 7.6:

Traceback (most recent call last):
  File "/var/sf/remediations/TriggerXDRWorkflow_1.0/./trigger_workflow.py", line 12, in <module>
    tree = ET.parse("instance.conf")
  File "/usr/lib64/python3.9/xml/etree/ElementTree.py", line 1229, in parse
    tree.parse(source, parser)
  File "/usr/lib64/python3.9/xml/etree/ElementTree.py", line 569, in parse
    source = open(source, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'instance.conf'

Test: ./trigger_workflow.py XDR_Block_Source_IP 10.110.100.11

chetanph commented 6 days ago

Hello,

It looks like the test is run from the remediation module directory and not the instance directory. It needs to be tested from the remediation "instance" directory:

root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0# cd XDR_Workflow_Block_Source_IP
root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0/XDR_Workflow_Block_Source_IP#
root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0/XDR_Workflow_Block_Source_IP# cat instance.conf
<instance name="XDR_Workflow_Block_Source_IP">
  <config>
             <string name="webhook_url">https://automate.us.security.cisco.com/webhooks/{WEBHOOK_ID}?api_key={WEBHOOK_API_KEY}</string>
  </config>
  <remediation name="XDR_Block_Source_IP" type="block_source">
    <config>
    </config>
  </remediation>
</instance>
root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0/XDR_Workflow_Block_Source_IP#
root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0/XDR_Workflow_Block_Source_IP# ../trigger_workflow.py XDR_Block_Source_IP 10.110.100.11
XDR Automation Webhook accepted data: {'remediation_name': 'XDR_Block_Source_IP', 'src_ip_addr': '10.110.100.11'}
root@LAB-FMC74:/var/sf/remediations/TriggerXDRWorkflow_1.0/XDR_Workflow_Block_Source_IP#

In the above example, cd XDR_Workflow_Block_Source_IP is used to enter the instance directory and then the module is tested using ../trigger_workflow.py XDR_Block_Source_IP 10.110.100.11. Please note that ../trigger_workflow.py is used at the beginning to run the module from the parent (..) directory.
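
An added example, not code from this repository: a loader that reads instance.conf from an explicit directory (default: the current working directory), names the directory it searched when the file is missing, and masks the api_key value before the webhook URL is printed. The function names, the EXAMPLE_ID / EXAMPLE_KEY values and the temporary directory layout are assumptions constructed for the demonstration; the XML layout follows the instance.conf shown above.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def load_webhook_url(instance_dir="."):
    """Read webhook_url from instance.conf in instance_dir (default: cwd)."""
    conf = Path(instance_dir).resolve() / "instance.conf"
    if not conf.is_file():
        # Same failure as in the issue, but naming the directory searched.
        raise FileNotFoundError(
            f"{conf.name} not found in {conf.parent}; run from the "
            "remediation instance directory, not the module directory")
    root = ET.parse(conf).getroot()
    # Instance-level <config> only, not the one nested in <remediation>.
    node = root.find("./config/string[@name='webhook_url']")
    if node is None or not (node.text or "").strip():
        raise ValueError(f"no webhook_url string in {conf}")
    return node.text.strip()


def redact_api_key(url):
    """Mask the api_key query value so the URL can be printed or logged."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "api_key" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def demo():
    sample = (  # constructed sample; ID and key are placeholders
        '<instance name="XDR_Workflow_Block_Source_IP"><config>'
        '<string name="webhook_url">https://automate.us.security.cisco.com'
        '/webhooks/EXAMPLE_ID?api_key=EXAMPLE_KEY</string></config></instance>')
    with tempfile.TemporaryDirectory() as module_dir:
        inst = Path(module_dir) / "XDR_Workflow_Block_Source_IP"
        inst.mkdir()
        (inst / "instance.conf").write_text(sample)
        try:
            load_webhook_url(module_dir)  # module dir: no instance.conf
            wrong_dir_fails = False
        except FileNotFoundError:
            wrong_dir_fails = True
        return wrong_dir_fails, redact_api_key(load_webhook_url(inst))


if __name__ == "__main__":
    print(demo())
```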