Welcome to AlgoBot

Install AlgoBot on your Slack workspace to chat with AlgoBot on Slack. You must be a Slack Administrator to perform this procedure.

Do the following:

1. Click this link to Slack or navigate to https://e4u3ndk8m6.execute-api.us-east-1.amazonaws.com/production to install AlgoBot on Slack.

2. Click Add to Slack. You are prompted to authorize the AlgoSec Slack App.

3. If your are not already signed in to your workspace on Slack, do so now. Otherwise continue to the next step.

4. Click Allow to give AlgoBot permission to access the your Slack workspace.

   AlgoBot is authorized on Slack, and the following keys and values are displayed:

   • BOT_TOKEN
   • BOT_ID
5. Click Export to CSV to download these values and save them for later use.

Continue on this page with Configure AlgoBot on the ASMS server.

1. In Microsoft Teams, AlgoBot must use webhooks to be notified about new messages.

   Use either ngrok or TunnelRelay to configure AlgoBot to accept webhook tunnels from the internet:

   Install and configure ngrok

   ngrok is a useful tool to create secure tunnels to locally hosted applications using a reverse proxy. Microsoft recommends ngrok in their documentation.

   • Requirements: ngrok subscription Enterprise level*.

     *ngrok Subscription Enterprise level provides a stable custom endpoint. For example, during ASMS upgrades and reboots, Teams will maintain endpoint settings. The Enterprise level is recommended for a production environment.

   • Pricing: See ngrok pricing (for Enterprise level).

   Install and configure ngrok for use with AlgoBot

   1. Download the TGZ file (x86-64) from ngrok for Linux from the ngrok download page to your ASMS machine /home/afa folder.

   2. Run the command:

      sudo tar -xvzf /home/afa/ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin

   3. On the ngrok website ngrok.com, log in to your ngrok subscription.

   4. On the Authentication tab, select Your Authtoken sub-tab.

      

      Copy the Authtoken script from the Command Line section:

      ngrok config add-authtoken <Your Authtoken>

      Paste to the command line on the ASMS machine, and run the command.

   5. • For Enterprise level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by adding the unique name:

        ExecStart=/usr/local/bin/ngrok http --subdomain=<unique name> 5000 --> Modify the <unique name>

        For example:

        ExecStart=/usr/local/bin/ngrok http --subdomain=algobot.companyName 5000

      • For Free level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by removing the string "--subdomain=<unique name>"):

        ExecStart=/usr/local/bin/ngrok http 5000

   6. Enable the service:

      systemctl enable --now ngrok.service

   7. The https or http endpoint provided by ngrok is output when the subscription command is run. Note, and save the ngrok https or http endpoint for later.

   Close ⌃
   Install and configure TunnelRelay

   TunnelRelay is a Microsoft OpenSource project to allow bots running from internal networks to respond to messages from Microsoft Teams.

   • Requirements: Admin access to a Microsoft Azure subscription.
   • Pricing: Volume-based pricing by Azure. For more details, see the TunnelRelay README .

   Install and configure TunnelRelay for use with AlgoBot.

   1. In Azure:
   1. Create a new relay and give it a logical name. Select any region available for your new relay.
   2. In the Relay screen, click +Hybrid Connection.
   3. Give the hybrid connection a Name.
   4. Make sure the Requires Client Authorization check box is NOT selected.
   5. Make a note of the Relay name, and the Hybrid Connection name.
   6. On the left side menu click Shared access policies. Make a note of the Policy name.

      

      In this example, RootManageSharedAccessKey.

   7. Click the Policy. An information screen opens to the right.

      

   8. Select Manage, Send and Listen permissions.

   9. Make a note of the Primary Key.

   2. Open a CLI session to ASMS, and download the latest TunnelRelay.Console v2 binary file for Linux from GitHub to the folder /data/ms-algobot/relay.
   3. Run the script:

      /usr/share/algobot/tunnel_relay_config_creation.sh

   4. Configure the TunnelRelay, when prompted enter the information that you made note of above:
      1. Azure Relay Key: The shared access key.
      2. Relay name: the name of the relay.
      3. Hybrid Connection Name: the unique hybrid connection name.
      4. Shared Policy Name: name of the Policy.

   5. Run the TunnelRelay.Console executable from the /data/ms-algobot/relay folder.

   6. Note the webhook endpoint provided by TunnelRelay, and save it for later.

   Continue with step 2.

   Close ⌃

2. Copy the microsoft-teams-manifest.zip (located in /usr/share/algobot on the ASMS server) to a local directory on the machine you are configuring Teams.

3. If you haven’t yet added the Developer Portal app to Teams, do it now.

   

4. In the Developer Portal:

   1. Select the Tools tab. Click Bot management.

      

   2. Click + New Bot. Name the bot: AlgoBot. Click Add. The Bot page opens.

      

   3. Add Bot endpoint address if available (you can always add it later), and click Save.

   4. Click Client secrets. Click Add a client secret for your bot.

      

      Note: Client secret is also known as App Password

      The new client secret is generated. Copy and save it for later.

      

   5. Click < Bots to return to the Bot Management page In Tools tab . Copy the BotID to use later.

      

   6. Click the Teams Apps tab, select Import app. Browse for the microsoft-teams-manifest.zip file. The AlgoBot app page appears.

   7. Select App features from the left menu. Click Bot.

      

      The Bot Page appears.

      

   8. Click Select an existing bot and choose the newly created algobot (alternatively you can manually enter theBot ID).

      Select all 3 scopes in which people can use the command: Personal, Team, Group chat. Click Save.

   9. Click Publish.

5. In the Developer Portal go to the Apps tab. Click the ellipsis (...) and select Download the app package from the AlgoBot app.

   

6. In Microsoft Teams, on the left side menu, click on Apps-> Manage your apps -> Upload an app. The Upload an App window opens.

   

7. Click Upload a custom app. Browse for the algobot.zip file (downloaded in step 4). The AlgoBot page appears.

8. click Add.

Continue on this page with Configure AlgoBot on the ASMS server.

Do the following:

1. On Cisco Webex, AlgoBot must use webhooks to be notified about new messages. Use ngrok to configure AlgoBot to accept webhook tunnels from the internet:

   Install and configure ngrok

   ngrok is a useful tool to create secure tunnels to locally hosted applications using a reverse proxy. Microsoft recommends ngrok in their documentation.

   • Requirements: ngrok subscription Enterprise level*.

     *ngrok Subscription Enterprise level provides a stable custom endpoint. For example, during ASMS upgrades and reboots, Teams will maintain endpoint settings. The Enterprise level is recommended for a production environment.

   • Pricing: See ngrok pricing (for Enterprise level).

   Install and configure ngrok for use with AlgoBot

   1. Download the TGZ file (x86-64) from ngrok for Linux from the ngrok download page to your ASMS machine /home/afa folder.

   2. Run the command:

      sudo tar -xvzf /home/afa/ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin

   3. On the ngrok website ngrok.com, log in to your ngrok subscription.

   4. On the Authentication tab, select Your Authtoken sub-tab.

      

      Copy the Authtoken script from the Command Line section:

      ngrok config add-authtoken <Your Authtoken>

      Paste to the command line on the ASMS machine, and run the command.

   5. • For Enterprise level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by adding the unique name:

        ExecStart=/usr/local/bin/ngrok http -subdomain=<unique name> 5000 --> Modify the <unique name>

        For example:

        ExecStart=/usr/local/bin/ngrok http -subdomain=algobot.companyName 5000

      • For Free level subscription, in /usr/lib/systemd/system/ngrok.service, modify the following line by removing the string "-subdomain=<unique name>"):

        ExecStart=/usr/local/bin/ngrok http 5000

   6. Enable the service:

      systemctl enable --now ngrok-service

   7. The https or http endpoint provided by ngrok is output when the subscription command is run. Note, and save the ngrok https or http endpoint for later.

   Close ⌃

2. Use the Cisco Developer Tool to install AlgoBot on Cisco Webex. To create an new account, see https://developer.webex.com .

3. Connect to Cisco Developer Tool .

4. Click Create a New App.

5. Click Create a Bot. The New Bot page opens.

6. Enter the following:

   Field	Input details
   Bot name	AlgoBot
   Bot username	<unique user name> (for example: algobot1234) Note: Do not use the name AlgoBot
   Icon	Download this icon to your computer and upload to the Bot page Icon field.
   Description	The following is an example description: AlgoBot, is an intelligent chatbot that handles network security policy management tasks for you. AlgoBot answers your questions, submitted in plain English, and personally assists with security policy change management processes – without requiring manual inputs or additional research.\n\nWith AlgoBot you can: \n- Offload day-to-day tasks from firewall and network administrators to provide faster and more intuitive service to internal customers\n- Reduce ticket resolution time by giving the Support team the tools to ask – and get immediate answers – to security connectivity questions\n- Respond to security incidents faster and more effectively\n- Give application owners visibility into their application’s network security connectivity\n- Improve the quality and speed of application deployments by allowing DevOps to incorporate security management directly into their processes.\n\nYou can communicate with AlgoBot in English, German, French or Portuguese from the comfort of a chat room or a mobile app.

7. Click Add Bot. The Congratulations message appears.

   

8. Click Copy Token.

9. In Cisco Webex, in your company Webex Space, click the People tab.

   

10. Enter the username (In our example, algobot1234@webex.bot) and click Add.

Continue on this page with Configure AlgoBot on the ASMS server.

Do the following:

1. In ASMS, click your username at the top-right to access the AFA Administration area.

2. Click the INTEGRATIONS tab to access AlgoBotConfiguration.

   

3. Select the Chat Platform: Slack, Microsoft Teams, or Cisco Webex.

4. Select the AlgoBot default Language: English, German, French or Portuguese.

   Note: Even though the default language is set to a specific language, AlgoBot will still understand other languages as well.

5. Enter the following information:

   For Slack

   Slack Bot Token	The serial number generated by your Slack workspace.
   Slack Bot ID	The ID generated by your Slack workspace.

   Close ⌃
   For Microsoft Teams

   Microsoft Teams Bot ID	The ID generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
   Microsoft Teams Client Secret	The Client Secret generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.

   Close ⌃
   For Cisco Webex

   Webex Bot token	The token generated by the Cisco Developer Tool when you added AlgoBot.
   Webex Messaging Endpoint	The ngrok http or https endpoint you saved above.
   Webex Teams URL	(optional) Base URL used to connect to Webex. If left blank, uses the default URL https://webexapis.com/v1/ .

   Close ⌃

6. Check Use Default AlgoBot User to enable a Default AlgoBot User.

   Note: By defining a default AlgoBot user, you are enabling non- ASMS users to to use permitted AlgoBot commands.

   AlgoBot uses ASMS permissions in the AlgoBot session. For non-ASMS users, you can create a default AlgoBot user and give it the permissions you want.

   Any user who chats with AlgoBot, if they are not recognized by ASMS, will receive the permissions of the default user.

7. Enter the default AlgoBot user username and password:

   Note : The password is internal (for connection with ASMS). Users of AlgoBot won't need to know it.

   

8. Define the default AlgoBot user in ASMS and assign it the permissions you want. See Manage users and roles in AFA.

1. Connect to the Administration Interface as user root. . For details, see Connect to and Utilize the Administration Interface.

2. In the administration interface main menu, run option 14 - Product and cloud configuration

   Run option 4 - AlgoBot configuration. Choose the chat platform.

3. Follow the on-screen instructions and enter the details as needed.

   You saved some of these details when you performed the procedures above:

   • For Slack

     Slack Bot Token	The serial number generated by your Slack workspace.
     Slack Bot ID	The ID generated by your Slack workspace.

     Close ⌃
   • For Microsoft Teams

     Microsoft Teams Bot ID	The ID generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.
     Microsoft Teams Client Secret	The Client Secret generated in the Bot tab in Microsoft Teams Developer Portal, during the AlgoBot setup.

     Close ⌃
   • For Cisco Webex

     Webex Bot token	The token generated by the Cisco Developer Tool when you added AlgoBot.
     Webex Messaging Endpoint	The ngrok http or https endpoint you saved when you configured ngrok.

     Close ⌃

   Note: Some values have defaults already configured. To use the default value, press ENTER when relevant.

   Some steps will prompt you for optional configurations, see on this page Configure a default AlgoBot user (for non-ASMS users)

   AlgoBot is now configured on your ASMS server and connected to your chat platform.

Configure a default AlgoBot user (for non-ASMS users)

AlgoBot uses ASMS permissions in the AlgoBot session. For non-ASMS users, you can create a default AlgoBot user and give it the permissions you want.

Any user who chats with AlgoBot, if they are not recognized by ASMS, will receive the permissions of the default user.

Do the following:

1. When prompted to configure a default AlgoBot user, enter Y:

   Would you like to configure a default AlgoBot user? [Y/n]: y

2. Enter the default AlgoBot user username and password:

   Note : The password is internal (for connection with ASMS). Users of AlgoBot won't need to know it.
   

   Default AlgoBot user []:

   Default AlgoBot password []:

3. Define the user in ASMS and assign it the permissions you want. See Manage users and roles in AFA.

Change AlgoBot's default language

Do the following:

1. Connect to the ASMS Administration interface (algosec_conf). For details, see Connect to and Utilize the Administration Interface.
2. In the administration interface main menu, run option 14 - Product and cloud configuration.
3. Run option 4 - AlgoBot configuration.
4. Choose the chat platform you want to set the language for.

5. When prompted, enter the default_language (supported options are "en" (english ), "de" (german), "fr" (french) , "pt" (portuguese)).