The F5 and Meraki app contributions to the contest were recognized as a first place (tie) entry at the 17 June 2016 webinar. The apps will be discussed at the 26th August 2016 Phantom tech session: Video Tutorial https://my.phantom.us/video/23/ [requires login].
http://www.slideshare.net/joelwking/10000-phantom-app-playbook-contest-f5-and-cisco-meraki
The Ansible Tower app was developed for the second app challenge.
In an effort to demonstrate building and automating the next generation networks, I’ve submitted on behalf of World Wide Technology, these entries in the 2016 Phantom playbook and app contest.
This contest is sponsored by Phantom (www.phantom.us) to promote the community development of playbooks and apps, the press release http://www.businesswire.com/news/home/20160120005085/en is available.
Phantom is a Security Automation & Orchestration platform that integrates with existing security technologies in order to provide a layer of “connective tissue” between them. Phantom doesn’t replace existing security products, but instead uses Playbooks and Apps to make them smarter, faster and stronger.
At World Wide Technology, we are engaging with customers in their evaluation of Phantom and this video clip provides a demonstration of the playbooks and apps developed to ingest data through the REST API and then implement a firewall rule on a F5 BIG-IP appliance to block the source IP address identified in the artifact.
This app is also referenced on F5 DevCentral as part of the June is Programmability Month! initiative.
https://devcentral.f5.com/codeshare/f5-big-ip-phantom-cyber-app-915
To install this app download the tarball ( f5_firewall.tgz ) and follow the app installation instructions in the Phantom documentation, see https://<your_phantom_host>/docs/admin/apps.
This utility creates containers and artifacts via the Phantom REST API from metadata off Cisco IP Phones. It is used to programatically create incidents for testing the F5 and Meraki apps.
This is a python class and methods to abstract the functionality of creating containers and artifacts in Phantom.
Integrating Cloud Controlled WiFi, Routing and Security with Security Automation and Orchestration
Cisco Meraki is a cloud managed architecture, which is used to deploy, configure, manage and monitor WiFI, routing and security appliances in small to medium branch office locations. Phantom Cyber is an extensible security automation and orchestration package which allow custom applications to be written within its framework. This video demonstrates how the Meraki device provisioning APIs can be used by a Phantom app to quickly locate devices in the Meraki network.
This app has been updated to include a bind network action which can be used to associate (substitute) a named configuration template to a specified network.
To install this app download the tarball ( meraki.tgz ) and follow the app installation instructions in the Phantom documentation, see https://<your_phantom_host>/docs/admin/apps.
Ansible Tower is a enterprice licensed GUI for managing Ansible workflows. This Phantom app implements an interface to run (launch) job templates defined in Ansible Tower from Phantom. Variables can be passed from a Phantom playbook to the job template. Ansible is a force multiplier for Phantom, as it provides a means to execute simple to complex playbooks written for Ansible from Phantom.
While this app provides a high degree of flexibility to security operations, only the success or failure of the job launched in Ansible Tower is returned to the Phantom playbook, which means output cannot be used in subsequent playbook steps.
A sample configurations for implementing a Remote Triggered Black Hole, adding a static route to a Cisco router, is provided in this powerpoint slide deck, for both Phantom and Ansible.
http://www.slideshare.net/joelwking/phantom-app-ansible-tower
The Ansible playbook ( RTBH.yml ) and the Phantom playbook ( Remote_Trigger_Black_Hole.py ) are provided in the repository.
A youtube video is available demonstrating how a Cisco ACI fabric configuration can be modified from Phantom. The Phantom playbook ( Dropzone_2.py ) and the Ansible playbook ( dbgacEpgToIp.yml ) and Jinja template ( dbgacEpgToIp.j2 ) to create the ACI XML file is also provided.
To install this app download the tarball ( ansible_tower.tgz ) and follow the app installation instructions in the Phantom documentation, see https://<your_phantom_host>/docs/admin/apps.
A10 Lightning Application Delivery System (LADS) is a subscription based managed service (SaaS) that provides a unified set of features for applications deployed in a public and private cloud infrastructure. This app enables security operations the ability to block or unblock IP addresses and IP networks from accessing the application running behind the LADC Cluster.
This app uses the northbound API to the A10 Lightning Controller to manage the configurations of the LADC Cluster. For more information or to request a trial, refer to https://www.a10networks.com/products/lightning-application-delivery-service and watch this video on the integration of Phantom and A10 LADS.
To install this app download the tarball ( A10_LADS.tgz ) and follow the app installation instructions in the Phantom documentation, see https://<your_phantom_host>/docs/admin/apps.
For more information on the security solutions at World Wide Technology, visit https://www.wwt.com/category/security-transformation.
Joel W. King - [email protected] @joelwking