FireMon Asset Manager
Page tree

Following are the command-line interface commands to Add, Enable, List, and Remove Cloud credentials along with the command to see whether Cloud Discovery is enabled. All commands on this page pertain to Cloud Discovery, which is located in Settings > Zones > selected Available Zone > Cloud tab.

Adding AWS Cloud Credentials

To add AWS cloud credentials, follow this sample command in the CLI: 
collector cloudcredentials c1 commandline alias-RKV aws accesskey-ZDG secretKey-OFW region1-EAG,region2-PPR serviceName-CZY

ExampleTypeDescription
collectorCommand

View and edit collectors

cloudcredentialsCommandAdd, replace or delete a set of credentials for cloud services
c1String The collector which will use these credentials
commandlineCommandlineAdd, replace or delete credentials from the command line
alias-RKV
Word An alias for the credentials

aws


String

 The Azure subscription ID

aws    Specify credentials for the AWS cloud
azure   Specify credentials for the Azure cloud
removeRemove a cloud credential

accesskey-ZDG
String Access key
secretKey-OFW
String Secret key
region1-EAG,region2-PPR
String Regions, comma-separated
serviceName-CZY
String Service name


Adding Azure Cloud Credentials

To add Azure cloud credentials, follow this sample command in the CLI: 
collector cloudcredentials c1 commandline rk azure 111 test 123 tttt 12

ExampleTypeDescription
collectorCommand

View and edit collectors

cloudcredentialsCommandAdd, replace or delete a set of credentials for cloud services
c1String The collector which will use these credentials
commandlineCommandlineAdd, replace or delete credentials from the command line
rk Word An alias for the credentials

azure


String

 The Azure subscription ID

aws    Specify credentials for the AWS cloudtop
azure   Specify credentials for the Azure cloud
removeRemove a cloud credential

111String Azure resource groups for these credentials
testString Azure client ID for these credentials
123String Client secret for these credentials
tttt12String The tenant ID for these credentials

Uploading Cloud Credentials

To upload cloud credentials, follow this sample command in the CLI: 
collector cloudcredentials uv1c1 upload "/home/admin/cloudCredentials.txt"

Enabling a Cloud Configuration

To enable cloud configuration, follow this sample command in the CLI: 
collector cloud c1 enable

Listing Cloud Credentials

To list cloud credentials, follow this sample command in the CLI:
collector list name c1 cloud

Sample Payload  for Listing Cloud Credentials 

collector list name c1 cloud

Collector:                        c1

Enabled:                          true

Archived:                         false

Zone:                             IPsonar Mapping

Interface:                        alex-cc-332:eth0

Rescan Interval:                  45

Broadcast Discovery:

  Enabled:                        true

    ARP:                          true

    ICMPv6:                       true

    DHCP:                         true

Host Discovery:

  Enabled:                        true

    Target discovered routes:     true

    ICMP:                         true

    DNS:                          true

    SNMP:                         true

    UDP High Port:                true

    Custom TCP ports:             80

OSPF Discovery:

  Enabled:                        true

BGP Discovery:

  Enabled:                        false

DNS Servers:

  Enabled:                        true

    Internal:                     system

Path Discovery:

  Enabled:                        true

    ICMP:                         true

    DNS:                          true

    SNMP:                         true

    UDP High Port:                true

    Custom TCP ports:             80,8000,8080

    Max stealths:                 1

    Max unknown hops:             4

    Trace to hosts:               true

    Trace discovered routes:      true

    CIDR Expansion:               

           /1 through  /7:        not expanded

           /8 through /15:        20

          /16 through /23:        24

          /24 through /32:        not expanded

Port Discovery:

  Enabled:                        true

    Custom TCP ports:             2049,20034,515,1604,902,135,6346,139,5900,9996,5901,80,1234,2195,2196,21,22,23,88,25,1433,17500,6881,548,3689,31337,3306,5357,110,27374,111,6000,5553,6001,2869,4662,631,3127,6711,5432,12345,443,445,3389,1214,62078,5631

    Use vulnerable ports:         true

    Use infection ports:          true

Device Profiling:

Removing Cloud Credentials

collector cloud c1 credentials ca remove

Viewing Cloud Status

To find out whether cloud discovery is enabled or disabled, follow this example in the CLI:  
collector list name FindingHost_Collector cloud
Where:
FindingHost_Collector is the name of a collector


Azure Cloud CLIs

ScenariosResults

Enable Cloud

admin@QA-CC-rc4> collector cloud c1 enable

Cloud should be enabled

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:

Uploading credential with same alias (Append)

admin@QA-CC-rc4> collector cloudcredentials c1 upload "/home/admin/test_cloud_creds-Azure_append.txt" true
Transferring file...
File retreived



File is uploaded but should not show the same alias credentials in the collector

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:
alias: fauzia
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc

Uploading credential with different alias(Append)

admin@QA-CC-rc4> collector cloudcredentials c1 upload "/home/admin/test_cloud_creds-Azure_append.txt" true
Transferring file...
File retreived


File is uploaded and should append the new alias configs to the existing configs

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:
alias: fauzia
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc
alias: Usha
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc

Remove a cloud credential with the alias name

admin@QA-CC-rc4> collector cloudcredentials c1 commandline fauzia remove


Cloud credential with that alias name has to be deleted

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:
alias: Usha
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc


Upload a credential to replace the existing credential

admin@QA-CC-rc4> collector cloudcredentials c1 upload "/home/admin/test_cloud_creds-Azure.txt" false
Transferring file...
File retreived


Existing credential has to be replaced with the new one

Previous :

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:
alias: Usha
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc

Now:

admin@QA-CC-rc4> collector list name c1 cloud
Collector: c1
Cloud Discovery:
Enabled: true
Credentials:
alias: fauzia
subscription ID: faResourceGroup
resource groups: 47fa9418-a6de-4d52-86ab-c052e8c0f5c7
client ID: 3b2f9a45-9dda-4932-8f39-12614e47cdbd
tenant ID: 891866ed-add8-46aa-9d83-c2b5aaaf50bc

Disable cloud

admin@QA-CC-rc4> collector cloud c1 disable


Cloud has to be disabled

admin@QA-CC-rc4> collector list name c1 cloud

Collector: c1
Cloud Discovery:
Enabled: false


   

  • No labels