FireFlow hooks
This section explains how to use hooks with FireFlow.
FireFlow hook reference
It is possible to configure FireFlow to extract certain parameters on the fly, by using hooks. This helps streamline the change request lifecycle and is particularly helpful for managed security service providers (MSSPs).
For example, during the Initial Plan stage of the change request lifecycle, FireFlow checks the requested traffic against the ALL_FIREWALLS group, by default. If you have several customers, each of which is a large organization with numerous devices, checking traffic against all of the devices of each organization is unnecessary and time consuming. By using hooks, it is possible to configure FireFlow to check traffic only against the devices of the organization that issued the change request.
FireFlow supports the following hooks:
AllowZoneName | Use to allow zone names instead of the AFF recommendation in the work order. controls the Source Zone and Destination Zone Fields in Palo Alto (Panorama) Work Orders. |
ExcludeAcl | Sets which, if any, ACLs to exclude from the work order. |
FilterInitialPlanResults | Filter initial planning results to remove devices. |
GetAdditionalRealGroupNames | Retrieve the names of the additional responsible user roles for the change request in a lifecycle stage with parallel actions. |
GetExternalRisks |
Return detected risks and their details. |
GetFirewallGroupName | Retrieve the device group against which traffic should be checked in the Initial Plan stage. |
GetRealGroupName | Retrieve the name of the user role responsible for the change request in each lifecycle stage. |
GetRequestorSearches | Retrieve searches in the Requestors Web Interface. |
GetWorkFlowName | Retrieve the name of the workflow to assign the change request in the Request stage. |
LoadConfigHook | Save pre-calculated data or configurations to the FireFlow server in-memory configuration and retrieve the data later. |
SuggestCommentSuffix | Add suffixes to add to suggested rule comments in the work order. |
SuggestGroupName | Suggest group names to match groups of IP addresses or services with no associated group name in a work order. |
SuggestHostName | Suggest host names to match IP addresses with no associated hostname in a work order. |
SuggestPropertyValue |
Suggest new values for the rule properties for Palo Alto and Fortimanager device work orders. Note: This hook is applicable only to brands that support changing their rule names. |
SuggestPropertyValues | Suggest new values for any of the extra properties of the traffic line of the current change request. |
SuggestRuleName |
Suggest a name for a new rule that does not yet have a name. Note: The SuggestRuleName hook is applicable only to brands that support setting rules' names. |
SuggestSectionName | Suggest a value for a section of a new rule when the work order suggests adding a new rule |
SuggestServiceName | Suggest names to match services with no associated name in the work order. |
ValidateTicket | Validate a new or modified change request. |
ValidateWorkOrderEdit | Validate host names, groups, and comments in a manually edited work order. |
Use hooks to control parameters
Do the following:
-
Log in to the FireFlow server using the username "root" and the related password.
-
Under the /usr/share/fireflow/local/etc/site/lib directory, create a Perl pm file.
The file can have any name.
For example, you can create the file /usr/share/fireflow/local/etc/site/lib/MyHooks.pm, and should begin with the line:
package FireFlow::Hooks;
-
In the file you created, implement the desired hooking functions.
-
Use the generic procedure for overriding system defaults in the CLI to set the configuration parameter HooksFileNames to the name of the Perl pm file you created. For details, see Override FireFlow system defaults.
In the example above, the value would be MyHooks.
- Restart FireFlow. See Restarting FireFlow (see Restart FireFlow).
Hook usage examples
For a comprehensive example, refer to the following files on the FireFlow server:
- A sample Perl module is located under /usr/share/fireflow/local/Hooks/ExampleHooks.pm
- The related XML data is located under /usr/share/fireflow/local/etc/site/Hooks/Example_Config.xml