Welcome to AlgoBot

AlgoSec AlgoBot is your personal security policy management assistant. AlgoBot provides quick and easy access to core ASMS functionality from the comfort of your organization's existing chat platforms, including Desktop, Web, or Mobile options. AlgoBot is supported on Slack, Microsoft Teams, and Cisco Webex.

Interested in deploying AlgoBot?

Please let us know. Get in touch with us at [email protected].
We will be glad to support your deployment.

Chat with AlgoBot

Chat with AlgoBot to run traffic simulations, submit change requests, analyze application impact, and more!

  • Enter @algobot help to view a full list of available commands and requests.
  • Send direct messages to AlgoBot from your chat platform. If there are more than the two of you in the chat, use the @algobot prefix so that AlgoBot knows you're talking to it.

  • Language support: If you’re typing in English, German, French, or Portuguese, AlgoBot will attempt to recognize the language and reply in kind. By default, AlgoBot replies in English. See on this page Select the AlgoBot default Language: English, German, French or Portuguese.

  • Invite AlgoBot to any of your Slack channels. Once invited, AlgoBot listens to all commands you send to @algobot.

Note: Make sure that you have run an analysis in AFA before using AlgoBot. AlgoBot needs AFA data to be able to help you!

For example:

Deploy AlgoBot

To deploy AlgoBot, first install AlgoBot on your chat platform, and then configure it on your ASMS server.

AlgoBot prerequisites and deployment configurations

As a Chat Bot, AlgoBot has to be notified of any new messages that the users may send over one of the supported chat platforms. To integrate AlgoBot with your organization's chat platforms, your system must meet the following prerequisites:

Internet access

The ASMS server must be able to access the internet and the chat platform servers.

Verify also that you have the following connectivity:

Important: The following list is based on Microsoft recommendations at time of publishing this web page. Since Microsoft regularly adjusts their list of URLs for connectivity, we recommend you consult their list if a problem occurs. To access the most comprehensive list, refer to the following URL provided by Microsoft.

  • http://www.microsoft.com/pki/mscorp/Microsoft%20RSA%20TLS%20CA%2001.crt

  • http://ocsp.msocsp.com

  • http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2001.crl

  • http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2001.crl

  • http://ocsp.digicert.com

  • http://crl3.digicert.com/Omniroot2025.crl

  • *.botapi.skype.com

  • login.botframework.com

  • http://www.slack.com/

  • *.lb.slack-msgs.com

  • webexapis.com

  • http://certs.godaddy.com/repository/

Unauthenticated proxies are supported if needed.

For details, see the diagrams below: AlgoBot with no proxy | AlgoBot with a proxy
Permissions You must have administrator privileges and access to authorize AlgoBot on your chat platform.
DNS The ASMS Central Manager must be configured with DNS. See Configure DNS Server.

Install AlgoBot on your chat platform

Follow these instructions to install AlgoBot on your chat platform.

Install AlgoBot on your Slack workspace to chat with AlgoBot on Slack. You must be a Slack Administrator to perform this procedure.

Note: Before starting, make sure you have permissions for the following required scopes in Slack:

  • chat:write

  • chat:write:user

  • chat:write:bot

Do the following:

  1. Click this link to Slack or navigate to https://e4u3ndk8m6.execute-api.us-east-1.amazonaws.com/production to install AlgoBot on Slack.

  2. Click Add to Slack. You are prompted to authorize the AlgoSec Slack App.

  3. If your are not already signed in to your workspace on Slack, do so now. Otherwise continue to the next step.

  4. Click Allow to give AlgoBot permission to access the your Slack workspace.

    AlgoBot is authorized on Slack, and the following keys and values are displayed:

    • BOT_TOKEN
    • BOT_ID
  5. Click Export to CSV to download these values and save them for later use.

Continue on this page with Configure AlgoBot on the ASMS server.

  1. In Microsoft Teams, AlgoBot must use webhooks to be notified about new messages.

    Use either ngrok or TunnelRelay to configure AlgoBot to accept webhook tunnels from the internet:

    ngrok is a useful tool to create secure tunnels to locally hosted applications using a reverse proxy. Microsoft recommends ngrok in their documentation.

    • Requirements: ngrok subscription Enterprise level*.

      *ngrok Subscription Enterprise level provides a stable custom endpoint. For example, during ASMS upgrades and reboots, Teams will maintain endpoint settings. The Enterprise level is recommended for a production environment.

    • Pricing: See ngrok pricing (for Enterprise level).

    Install and configure ngrok for use with AlgoBot

    1. Download the TGZ file (x86-64) from ngrok for Linux from the ngrok download page to your ASMS machine /home/afa folder.

    2. Run the command:

      sudo tar -xvzf /home/afa/ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin

    3. On the ngrok website ngrok.com, log in to your ngrok subscription.

    4. On the Authentication tab, select Your Authtoken sub-tab.

      Copy the Authtoken script from the Command Line section:

      ngrok config add-authtoken <Your Authtoken>

      Paste to the command line on the ASMS machine, and run the command.

      • For Enterprise level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by adding the unique name:

        ExecStart=/usr/local/bin/ngrok http --subdomain=<unique name> 5000 --> Modify the <unique name>

        For example:

        ExecStart=/usr/local/bin/ngrok http --subdomain=algobot.companyName 5000

      • For Free level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by removing the string "--subdomain=<unique name>"):

        ExecStart=/usr/local/bin/ngrok http 5000

    6. Enable the service:

      systemctl enable --now ngrok.service

    7. The https or http endpoint provided by ngrok is output when the subscription command is run. Note, and save the ngrok https or http endpoint for later.

    TunnelRelay is a Microsoft OpenSource project to allow bots running from internal networks to respond to messages from Microsoft Teams.

    • Requirements: Admin access to a Microsoft Azure subscription.
    • Pricing: Volume-based pricing by Azure. For more details, see the TunnelRelay README .

    Install and configure TunnelRelay for use with AlgoBot.

    1. In Azure:
      1. Create a new relay and give it a logical name. Select any region available for your new relay.
      2. In the Relay screen, click +Hybrid Connection.
      3. Give the hybrid connection a Name.
      4. Make sure the Requires Client Authorization check box is NOT selected.
      5. Make a note of the Relay name, and the Hybrid Connection name.
      6. On the left side menu click Shared access policies. Make a note of the Policy name.

        In this example, RootManageSharedAccessKey.

      7. Click the Policy. An information screen opens to the right.

      8. Select Manage, Send and Listen permissions.

      9. Make a note of the Primary Key.

    2. Open a CLI session to ASMS, and download the latest TunnelRelay.Console v2 binary file for Linux from GitHub to the folder /data/ms-algobot/relay.
    3. Run the script:

      /usr/share/algobot/tunnel_relay_config_creation.sh

    4. Configure the TunnelRelay, when prompted enter the information that you made note of above:
      1. Azure Relay Key: The shared access key.
      2. Relay name: the name of the relay.
      3. Hybrid Connection Name: the unique hybrid connection name.
      4. Shared Policy Name: name of the Policy.

    5. Run the TunnelRelay.Console executable from the /data/ms-algobot/relay folder.

    6. Note the webhook endpoint provided by TunnelRelay, and save it for later.

    Continue with step 2.

  2. Copy the microsoft-teams-manifest.zip (located in /usr/share/algobot on the ASMS server) to a local directory on the machine you are configuring Teams.

  3. If you haven’t yet added the Developer Portal app to Teams, do it now.

  4. In the Developer Portal:

    1. Select the Tools tab. Click Bot management.

    2. Click + New Bot. Name the bot: AlgoBot. Click Add. The Bot page opens.

    3. Add Bot endpoint address if available (you can always add it later), and click Save.

    4. Click Client secrets. Click Add a client secret for your bot.

      Note: Client secret is also known as App Password

      The new client secret is generated. Copy and save it for later.

    5. Click < Bots to return to the Bot Management page In Tools tab . Copy the BotID to use later.

    6. Click the Teams Apps tab, select Import app. Browse for the microsoft-teams-manifest.zip file. The AlgoBot app page appears.

    7. Select App features from the left menu. Click Bot.

      The Bot Page appears.

    8. Click Select an existing bot and choose the newly created algobot (alternatively you can manually enter theBot ID).

      Select all 3 scopes in which people can use the command: Personal, Team, Group chat. Click Save.

    9. Click Publish.

  1. In the Developer Portal go to the Apps tab. Click the ellipsis (...) and select Download the app package from the AlgoBot app.

  2. In Microsoft Teams, on the left side menu, click on Apps-> Manage your apps -> Upload an app. The Upload an App window opens.

  3. Click Upload a custom app. Browse for the algobot.zip file (downloaded in step 4). The AlgoBot page appears.

  4. click Add.

Continue on this page with Configure AlgoBot on the ASMS server.

Do the following:

  1. On Cisco Webex, AlgoBot must use webhooks to be notified about new messages. Use ngrok to configure AlgoBot to accept webhook tunnels from the internet:

    ngrok is a useful tool to create secure tunnels to locally hosted applications using a reverse proxy. Microsoft recommends ngrok in their documentation.

    • Requirements: ngrok subscription Enterprise level*.

      *ngrok Subscription Enterprise level provides a stable custom endpoint. For example, during ASMS upgrades and reboots, Teams will maintain endpoint settings. The Enterprise level is recommended for a production environment.

    • Pricing: See ngrok pricing (for Enterprise level).

    Install and configure ngrok for use with AlgoBot

    1. Download the TGZ file (x86-64) from ngrok for Linux from the ngrok download page to your ASMS machine /home/afa folder.

    2. Run the command:

      sudo tar -xvzf /home/afa/ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin

    3. On the ngrok website ngrok.com, log in to your ngrok subscription.

    4. On the Authentication tab, select Your Authtoken sub-tab.

      Copy the Authtoken script from the Command Line section:

      ngrok config add-authtoken <Your Authtoken>

      Paste to the command line on the ASMS machine, and run the command.

      • For Enterprise level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by adding the unique name:

        ExecStart=/usr/local/bin/ngrok http -subdomain=<unique name> 5000 --> Modify the <unique name>

        For example:

        ExecStart=/usr/local/bin/ngrok http -subdomain=algobot.companyName 5000

      • For Free level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by removing the string "-subdomain=<unique name>"):

        ExecStart=/usr/local/bin/ngrok http 5000

    6. Enable the service:

      systemctl enable --now ngrok-service

    7. The https or http endpoint provided by ngrok is output when the subscription command is run. Note, and save the ngrok https or http endpoint for later.

  1. Use the Cisco Developer Tool to install AlgoBot on Cisco Webex. To create an new account, see https://developer.webex.com .

  2. Connect to Cisco Developer Tool .

  3. Click Create a New App.

  4. Click Create a Bot. The New Bot page opens.

  5. Enter the following:

    Field Input details
    Bot name AlgoBot
    Bot username algobot
    Icon

    Download this icon to your computer and upload to the Bot page Icon field.
    Description

    The following is an example description: AlgoBot, is an intelligent chatbot that handles network security policy management tasks for you. AlgoBot answers your questions, submitted in plain English, and personally assists with security policy change management processes – without requiring manual inputs or additional research.\n\nWith AlgoBot you can: \n- Offload day-to-day tasks from firewall and network administrators to provide faster and more intuitive service to internal customers\n- Reduce ticket resolution time by giving the Support team the tools to ask – and get immediate answers – to security connectivity questions\n- Respond to security incidents faster and more effectively\n- Give application owners visibility into their application’s network security connectivity\n- Improve the quality and speed of application deployments by allowing DevOps to incorporate security management directly into their processes.\n\nYou can communicate with AlgoBot in English, German, French or Portuguese from the comfort of a chat room or a mobile app.

  1. Click Add Bot.

  2. Click Copy Token.

Continue on this page with Configure AlgoBot on the ASMS server.

Configure AlgoBot on the ASMS server

After installing AlgoBot on your chat platform, configure AlgoBot on your ASMS server.

You can configure AlgoBot either using the ASMS user interface or using the algosec_conf menu.

Do the following:

  1. In ASMS, click your username at the top-right to access the AFA Administration area.

  2. Click the INTEGRATIONS tab to access AlgoBotConfiguration.

  3. Select the Chat Platform: Slack, Microsoft Teams, or Cisco Webex.

  4. Select the AlgoBot default Language: English, German, French or Portuguese.

    Note: Even though the default language is set to a specific language, AlgoBot will still understand other languages as well.

  5. Enter the following information:

    Slack Bot Token The serial number generated by your Slack workspace.
    Slack Bot ID The ID generated by your Slack workspace.
    Microsoft Teams Bot ID The ID generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
    Microsoft Teams Client Secret The Client Secret generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
    Webex Bot token The token generated by the Cisco Developer Tool when you added AlgoBot.
    Webex Messaging Endpoint The ngrok http or https endpoint you saved above.
    Webex Teams URL (optional) Base URL used to connect to Webex. If left blank, uses the default URL https://webexapis.com/v1/ .

  6. Check Use Default AlgoBot User to enable a Default AlgoBot User.

    Note: By defining a default AlgoBot user, you are enabling non- ASMS users to to use permitted AlgoBot commands.

    AlgoBot uses ASMS permissions in the AlgoBot session. For non-ASMS users, you can create a default AlgoBot user and give it the permissions you want.

    Any user who chats with AlgoBot, if they are not recognized by ASMS, will receive the permissions of the default user.

  7. Enter the default AlgoBot user username and password:

    Note : The password is internal (for connection with ASMS). Users of AlgoBot won't need to know it.

  8. Define the default AlgoBot user in ASMS and assign it the permissions you want. See Manage users and roles in AFA.

  1. Connect to the Administration Interface as user root. . For details, see Connect to and Utilize the Administration Interface.

  2. In the administration interface main menu, run option 14 - Product and cloud configuration

    Run option 4 - AlgoBot configuration. Choose the chat platform.

  3. Follow the on-screen instructions and enter the details as needed.

    You saved some of these details when you performed the procedures above:

    • Slack Bot Token The serial number generated by your Slack workspace.
      Slack Bot ID The ID generated by your Slack workspace.
    • Microsoft Teams Bot ID The ID generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
      Microsoft Teams Client Secret The Client Secret generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
    • Webex Bot token The token generated by the Cisco Developer Tool when you added AlgoBot.
      Webex Messaging Endpoint The ngrok http or https endpoint you saved when you configured ngrok.

    Note: Some values have defaults already configured. To use the default value, press ENTER when relevant.

    Some steps will prompt you for optional configurations, see on this page Configure a default AlgoBot user (for non-ASMS users)

    AlgoBot is now configured on your ASMS server and connected to your chat platform.

Configure a default AlgoBot user (for non-ASMS users)

Note: By defining a default AlgoBot user, you are enabling non- ASMS users to access AlgoBot.

AlgoBot uses ASMS permissions in the AlgoBot session. For non-ASMS users, you can create a default AlgoBot user and give it the permissions you want.

Any user who chats with AlgoBot, if they are not recognized by ASMS, will receive the permissions of the default user.

Do the following:

  1. When prompted to configure a default AlgoBot user, enter Y:

    Would you like to configure a default AlgoBot user? [Y/n]: y

  2. Enter the default AlgoBot user username and password:

    Note : The password is internal (for connection with ASMS). Users of AlgoBot won't need to know it.

    Default AlgoBot user []:

    Default AlgoBot password []:

  1. Define the user in ASMS and assign it the permissions you want. See Manage users and roles in AFA.

Change AlgoBot's default language

Note: Even though the default language is set to a specific language, AlgoBot will still understand other languages as well.

Do the following:

  1. Connect to the ASMS Administration interface (algosec_conf). For details, see Connect to and Utilize the Administration Interface.
  2. In the administration interface main menu, run option 14 - Product and cloud configuration.
  3. Run option 4 - AlgoBot configuration.
  4. Choose the chat platform you want to set the language for.

  5. When prompted, enter the default_language (supported options are "en" (english ), "de" (german), "fr" (french) , "pt" (portuguese)).

AlgoBot Logs and configuration files

AlgoBot log files are created in /data/ms-algobot/logs.

A set of log and configuration files are saved for each chat platform, with the platform name, for example slack, as part of the filename.

Each set includes the following files:

algobot-<platform>.conf The configuration data generated as part of the installation and configuration process.
algobot-<platform>.log

General logs, commands, and errors. If you need to contact AlgoSec support in reference to AlgoBot, support may request this file.
utilization-<platform>.log A synthesized, clear log of the commands used in AlgoBot for analytics purposes.