Updating playbook credentials

Overview

To ensure successful playbook execution across your infrastructure, credentials for supported devices must be securely configured within the product. You can set global or device-specific credentials for Windows, Linux, and major firewall vendors. Some integrations, like ADManager Plus and SNMP Traps, require additional setup to enable action-based responses.

Only users with admin privileges can manage playbook credentials.

Updating playbook credentials

Pre-requisites to update playbook credentials:

  • You can automate playbooks on Windows, Linux, and Cisco devices, but you must have administrative privileges to do so.
  • The credentials of these devices must also be updated in Log360 for seamless execution of the playbooks.

Accessing playbook credentials

  1. In the product console, navigate to the Alerts tab. Click on the More tools icon present at the top-right corner of the page as highlighted in the below image.
    Image 1: More tools icon present in the Alerts tab
  2. Click on Playbook to open the Manage Playbook page.
  3. Click on the Playbook Credentials present in the Manage Playbook page.
    Image 2: Playbook credentials in the Alerts tab
  4. When you click on Playbook Credentials, a pop-up appears to Edit Credentials.
  5. Based on the device types, choose the Credential Type from the drop-down as shown below.

Continue reading to understand the step-by-step device specific guide to update playbook credentials.

To automate playbooks in Windows devices:

If the Windows devices have already been added to the product, playbooks can be executed by using the device credentials or the domain credentials of the devices. So, you need not manually update credentials for Windows devices.

To automate playbooks in Linux devices:

You can configure a set of common credentials for executing playbooks on all Linux devices.

  1. Enter the Username, Password, and Port number.
  2. Click on Add to store and use these credentials to execute playbooks on all Linux devices.

To automate playbooks in Cisco devices

You must configure the REST API agent in the Cisco firewall to execute playbooks by following the steps given in this link. (The Cisco REST API supported versions are listed here).

You can configure a set of common credentials for executing playbooks in all Cisco devices as elaborated below:

  1. Enter the Username and Password.
  2. Click on Add to store and use these credentials to execute playbooks on all Cisco devices.

If the common credentials do not work for certain Cisco Devices

You need to configure the credentials for those devices by following the steps given below:

  1. In the product console, navigate to Settings > Devices.
    Image 3: Device settings via the Settings tab
  2. Go to the Syslog Devices tab and hover your mouse pointer near the device on which you want to execute playbooks and click on the Edit icon.
    Image 4: Update Syslog device settings via the Settings tab
  3. In the Update Device pop-up menu, click on Advanced.
  4. Select the Configure REST API Credentials check box.
  5. Enter a Username and Password and click on Verify Credential to send a REST API call to the Cisco device to verify if the credentials are valid. Once the verification is complete, click on Update to store and use the specified credentials for executing playbooks.

To automate workflows in Fortigate devices

In order to generate an API token to execute playbooks on Fortigate devices, you need to create a new REST API Admin on your device using the steps given below:

Phase 1: Create Administrator profile

  1. Navigate to System from the sections listed on the left in the dashboard.
  2. Click on the Admin Profiles under the System section.
  3. Click the Create icon to start creating a new admin profile.
  4. You will see the New Admin Profile window open.
  5. Enter an appropriate name for your admin profile.
  6. Select access control permissions for different functionalities between None, Read, Read/Write or Custom.
  7. Select Read/Write for both Policy and Address options under Firewall Option.
  8. Click OK to create your new admin profile.

Phase 2: Create a REST API Admin and generate an API key

  1. Navigate to System from the sections listed on the left in the dashboard.
  2. Select Administrators under the System section.
  3. Click on the Create New icon.
  4. Select the REST API Admin option.
  5. You will see the New REST API Admin window open.
  6. Enter an appropriate username for your REST API admin profile.
  7. Select your previously created Administrator Profile from the drop-down menu.
  8. Click on OK to confirm your New REST API Admin.
  9. Once you are done with this process, the system will automatically generate a new API key, which will be displayed only once.
  10. Copy the generated API key before closing the window.
NOTE In case you lose your newly generated API key, you can go back to the Administrator section and click on the Regenerate icon.

After this process, you can configure a set of common credentials for executing playbooks in all Fortigate devices by following the steps given below:

  1. Enter the Username and the REST API Key.
  2. Click on Add to store and use these credentials to execute playbooks on all Fortigate devices.

To automate playbooks in PaloAlto devices

Pre-requisites:

To execute playbooks successfully, API access should be enabled by following the steps given below.

Phase 1:

  1. Choose an Admin Role profile.
  2. Navigate to Device → Admin Roles and either pick an existing role or set up a new one.

Phase 2:

  1. Define the permissions available for the selected admin role.
  2. Open the XML API section.
  3. Turn on or off specific XML API capabilities like Report, Log, and Configuration.
  4. Click OK to apply and save your changes.

Phase 3:

Assign the configured admin role to the desired administrator account.

Please note that the required permissions for the user under XML API are:

  • Configuration
  • Operational Requests
  • Commit
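
An added example, not part of the product documentation: a least-privilege check that compares the XML API permissions enabled on an exported admin role with the three the page requires. The element names (`config`, `op`, `commit`, `report`, `log`, `export`), the role name, and the sample export are assumptions; the sample is constructed.

```python
import xml.etree.ElementTree as ET

# XML API permissions the page lists as required, keyed by the element names
# assumed here for a PAN-OS admin-role export.
REQUIRED = {"config": "Configuration", "op": "Operational Requests", "commit": "Commit"}

# Constructed sample role, not taken from a real firewall.
SAMPLE_ROLE = """
<entry name="log360-playbook">
  <role><device><xmlapi>
    <report>enable</report>
    <log>disable</log>
    <config>enable</config>
    <op>enable</op>
    <commit>disable</commit>
    <export>enable</export>
  </xmlapi></device></role>
</entry>
"""

def audit_xmlapi_role(role_xml):
    """Return (missing, excess) XML API permissions for one admin role.

    missing: required permissions that are not enabled (playbooks will fail).
    excess:  enabled permissions the playbooks do not need (candidates to disable).
    """
    entry = ET.fromstring(role_xml)
    xmlapi = entry.find("./role/device/xmlapi")
    if xmlapi is None:
        # No XML API section at all: every required permission is missing.
        return sorted(REQUIRED.values()), []
    enabled = {el.tag for el in xmlapi if (el.text or "").strip() == "enable"}
    missing = sorted(label for tag, label in REQUIRED.items() if tag not in enabled)
    excess = sorted(enabled - set(REQUIRED))
    return missing, excess

if __name__ == "__main__":
    missing, excess = audit_xmlapi_role(SAMPLE_ROLE)
    print("missing required:", missing)
    print("enabled but not required:", excess)
```
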

You can configure a set of common credentials for executing playbooks in all PaloAlto devices by following the steps given below:

  1. Enter the Username and Password.
  2. Click on Add to store and use these credentials to execute playbooks on all PaloAlto devices.

To automate playbooks in SophosXG devices

You must configure the encrypted password to execute playbooks on SophosXG devices. You can generate the encrypted password using the steps given below:

Phase 1: Create an administrator profile

Log in to your Sophos application and create an administrator profile with read-write permission for objects and network.

  1. Go to Profiles > Device access and create an administrator profile with specific rights.
  2. Click Save.

Phase 2: Create an administrator

  1. Create a user and add the administrator profile.
  2. When you add a user with the API administrator profile, you can limit the administrator's rights based on the profile. Alternatively, you can use an existing administrator account.
  3. Go to Authentication > Users and click Add.
  4. Set User type to Administrator.
  5. Select the API administrator profile created in step 1.
  6. To allow access for a specific time, select the Access time.
  7. To allow access only from specific IP addresses, select an option for Login restriction for device access.
  8. Click Save.

Phase 3: Allow API access

Turn on API configuration and allow API access from the administrator's IP address:

  1. Go to Backup and firmware > API.
  2. Select API configuration.
  3. For Allowed IP address, enter the IP address from which you'll make the API request and click the add icon.
  4. Click Apply.

Phase 4: Generate the encrypted password

  1. Log in to advanced shell in the firewall.
  2. Execute the following command:

    aes-128-cbc-tool -k Th1s1Ss1mPlygR8API -t 1 -s <password>

  3. Copy the password and use it in the API configuration.
NOTE

The product will continue to support Sophos XG devices up to SFOS v19.0.

If you wish to integrate with newer versions of Sophos XG, please contact us. We can make the necessary adjustments in the database to accommodate the new API credentials mechanism.

All Sophos-related actions will continue to be supported.

After generating the encrypted password, you can configure a set of common credentials for executing playbooks in all SophosXG devices by following the steps given below:

  1. Enter the Username and Encrypted Password.
  2. Click on Add to store and use these credentials to execute playbooks on all SophosXG devices.

To automate playbooks in Barracuda CloudGen devices

In order to execute playbooks in Barracuda CloudGen devices, you need to create an X-API Token using the steps given below:

Phase 1: Enable the REST API for HTTPS

  1. Navigate to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.
  2. Click the Lock button to enable editing.
  3. In the HTTP interface section, enable the HTTPS interface option.
  4. Specify the port number you'd like to use for API requests in the HTTPS Port field.
  5. (Optional) To allow API requests through management IPs rather than the loopback address, enable the Bind to Management IPs setting.
  6. Click New Key to generate a private key of your preferred key length, or import your existing key.
  7. Click Ex/Import to either generate a self-signed certificate or upload an already existing one.

NOTE Ensure that the certificate’s common name matches the URI of your API request. For instance, if you're sending a request to https://CGF1.example:8443, the common name in the certificate should be CGF1.example.

Phase 2: Create an administrator profile for REST API authentication.

To authenticate with the REST API, a user account with the required privileges must exist, either in the Control Center for centrally managed firewalls or directly on the individual firewall for standalone setups. This user must hold the Manager role in both scenarios.

If you need a read-only user, you can duplicate the Observer role under the Control Center’s Administrative Roles section, enable the Access to REST API option, and then create a new user under CC-Admin with this custom role assigned.

Phase 3: Create an X-API Token for authentication.

  1. Navigate to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.
  2. Select Lock to begin editing.
  3. From the left-hand panel, choose Access Tokens.
  4. Click the + icon in the Access Tokens area.
  5. Provide a name for the new token and click OK to proceed.
  6. In the window that appears, click Generate New Token.
  7. Specify the Admin username that will be used for authentication.
  8. Set the validity period in days under the Time to live field.
  9. Click OK to finalize and create the token.

After finishing the process, you can configure a set of common credentials for executing playbooks in all Barracuda CloudGen devices by following the steps given below:

  1. Enter the Username along with the generated REST Access Token.
  2. Click on Add to store and use these credentials to execute playbooks in all Barracuda CloudGen devices.

Automating playbooks in ADManager Plus

ADManager Plus, an IGA solution with hybrid Active Directory management, reporting, and automation capabilities, must be integrated with Log360 for the successful execution of response playbooks. The actions that can be added to a playbook are called playbook blocks. These actions include:

  • Enabling, disabling, updating, and deleting a user
  • Enabling, disabling, and deleting a computer
  • Resetting a user's password
  • Adding users to, and removing users from, a group

Only after the integration is complete can any of these actions be carried out.

You can set up an integration in the product to execute actions via ADManager Plus. Here are the steps:

  1. After selecting the credential type as ADManager Plus, fill in the required details about the Host, Protocol, Port and Auth Token.
  2. Click on Add to integrate ADManager Plus with the product.

Automating playbooks in SNMP TRAP

To automate all SNMP Trap playbooks, you can configure a common credential by following these steps:

  1. After choosing SNMP Trap as the credential type, enter the SNMP credential.
  2. Click Add to save. This credential will now be used to execute all SNMP Trap playbooks.

NOTE Refer to the port management page for details on how to update credentials.

Read also

This document provided a step-by-step guide to updating playbook credentials. If you're building workflows, explore how to create custom playbooks and assign device actions.