Does Firepower_O365_Feed_Parser cause emailed files to be excluded from malware filtering?
Seems this might be the case.

There are multiple empty config option string checks in O365WebServerParser.py that do not implement the check properly, e.g.:

if CONFIG_DATA['WEBEX_ACCESS_TOKEN'] is '' or CONFIG_DATA['WEBEX_ROOM_ID'] is '':

With respect to this example, if neither of these two options are defined in config, the if statement will erroneously proceed to the "else" clause. In this case, in the "else" clause the script will attempt to use WebEx when no WebEx config options have been defined, causing the script to throw errors.

Example fix:

if CONFIG_DATA['WEBEX_ACCESS_TOKEN'] == '' or CONFIG_DATA['WEBEX_ROOM_ID'] == '':

Hi,
thanks for the Great Script.
Just one Thing:
In your Screenshot of the "New Extended Access List Object" you put the Network into Destination, in the Previous Screenshot CISCO States "Configure the split tunnel networks in the source" of the Extended ACL, destination networks are ignored. So it needs to be put into Source, then it works fine.

Python Version 3.10.12:

Chosen O365 plan: , chosen applications: All
Saving config data...
Traceback (most recent call last):
File "/home/azureuser/Firepower_O365_Feed_Parser/O365_web_service_parser.py", line 597, in
WebServiceParser()
File "/home/azureuser/Firepower_O365_Feed_Parser/O365_web_service_parser.py", line 249, in WebServiceParser
bool_new_version = check_for_new_version(clientRequestId)
File "/home/azureuser/Firepower_O365_Feed_Parser/O365_web_service_parser.py", line 217, in check_for_new_version
sys.stdout.write(f"\nFirst time script runs, version of Office 365 {CONFIG_D ATA['O365_PLAN']} commercial service instance endpoints detected: {newVersion}\n ")
UnboundLocalError: local variable 'newVersion' referenced before assignment

Hi there,

Thank you for writing the program; it is extremely useful to us.

We have started using a proxy and have noticed the program continues to send requests without going through a proxy first.

We see this whilst running tcpdump during program execution.

config.json settings:
"PROXY": "true",
"PROXY_USER": "",
"PROXY_PASSWD": "",
"PROXY_HOST": "...",
"PROXY_PORT": "8080"

The program hangs on "Saving config data..."
python3 O365_web_service_parser.py

Loading config data...
Config loading complete.

Chosen O365 plan: Worldwide, chosen applications: All
Saving config data...

If you have the time to look at it, it would be appreciated.

Many thanks

This is a great script, I appreciate you writing it. We're using it so that we can split tunnel our VPN users to go direct to O365. The only issue we encountered is that the Firepower doesn't like IPv6 addresses in the split tunnel ACL. Once we removed them from the network object your script created the policy would deploy successfully and split tunneling worked like a champ. This is on a 2130 running 6.3.0.5 code.

I am getting a lot of dependencies errors and stuck with.
S@mate:~/scripts/Firepower_O365_Feed_Parser-asa_support# python3.6 O365_web_service_parser.py
Traceback (most recent call last):
File "O365_web_service_parser.py", line 24, in
import webexteamssdk
ModuleNotFoundError: No module named 'webexteamssdk'

tried using pip install webexteamssdk
$: command not found

then got installed
pip3 install webexteamssdk
Collecting webexteamssdk

again run the script
S@mate:~/scripts/Firepower_O365_Feed_Parser-asa_support# python3.6 O365_web_service_parser.py
Traceback (most recent call last):
File "O365_web_service_parser.py", line 29, in
from Asa import Asa
File "/root/scripts/Firepower_O365_Feed_Parser-asa_support/Asa.py", line 16, in
from netmiko import ConnectHandler
ModuleNotFoundError: No module named 'netmiko'

installed using
pip3 install -U netmiko

again run the script and got the following error

S@mate:~/scripts/Firepower_O365_Feed_Parser-asa_support# python3.6 O365_web_service_parser.py
Traceback (most recent call last):
File "O365_web_service_parser.py", line 29, in
from Asa import Asa
File "/root/scripts/Firepower_O365_Feed_Parser-asa_support/Asa.py", line 16, in
from netmiko import ConnectHandler
ModuleNotFoundError: No module named 'netmiko'

I run these commands and let worked like it should be.
pip install --upgrade pip
pip3 install --upgrade pip
pip3 install netmiko

then got it started work.

S@mate:~/scripts/Firepower_O365_Feed_Parser-asa_support# python3.6 O365_web_service_parser.py

Loading config data...
Config loading complete.

TESTTEST
Do you want to update an FMC [f] or ASA [a] [f/a]:

Thanks for the script, it helped me a lot.

Good afternoon!

My understanding was that the FMC didn't process wildcards, but utilized substring matching instead.

Has that changed?

The parser worked beautifully, and populated the object groups, but there's a number of *.domain listings.

Thank you!

Should be URL_default_list not URL_List

Hello,

first of all, I am really thankful for all the work you put into this project. So after preparing my linux system to run your script, I run into an error when the script tries to send the command to the asa. Here are the script output.

Chosen O365 plan: Germany, chosen applications: Exchange,SharePoint
Saving config data...

First time script runs, version of Office 365 Germany commercial service instance endpoints detected: 2020070800
Saving config data...

Connecting to ASA...
ASA Successfully Connected.

IP_DEFAULT list returned no IP's, empty list with dummy IP range (240.0.0.0/4) created (to avoid policy deploy failure)...

Sending show running-config | include object-group network O365_Service_IP_Adresses request to ASA.
The network-object object exists, removing before re-creating

Sending no object-group network O365_Service_IP_Adresses request to ASA.

Sending request to ASA:
['object-group network O365_Service_IP_Adresses', 'network-object 51.4.64.0 255.255.254.0', 'network-object 51.5.64.0 255.255.254.0', 'network-object 51.4.72.0 255.255.255.0', 'network-object 51.4.80.0 255.255.255.224', 'network-object 51.5.72.0 255.255.255.0', 'network-object 51.5.80.0 255.255.255.224', 'network-object 51.4.66.0 255.255.254.0', 'network-object 51.5.66.0 255.255.254.0', 'network-object host 51.4.144.200', 'network-object host 51.5.149.3', 'network-object 51.18.16.0 255.255.254.0', 'network-object host 51.4.2.10', 'network-object host 51.4.71.61', 'network-object 51.4.136.38 255.255.255.254', 'network-object 51.4.136.40 255.255.255.254', 'network-object host 51.4.136.42', 'network-object host 51.4.146.38', 'network-object host 51.4.146.206', 'network-object host 51.5.16.7', 'network-object host 51.5.71.22', 'network-object 51.5.136.32 255.255.255.252', 'network-object host 51.5.136.36', 'network-object host 51.5.145.29', 'network-object host 51.5.145.122', 'network-object 51.4.70.0 255.255.255.0', 'network-object 51.4.71.0 255.255.255.0', 'network-object host 51.4.226.115', 'network-object host 51.4.227.178', 'network-object host 51.4.230.178', 'network-object 51.5.70.0 255.255.255.0', 'network-object 51.5.71.0 255.255.255.0', 'network-object host 51.5.147.48', 'network-object host 51.5.242.163', 'network-object host 51.5.245.67', 'network-object host 51.4.144.41', 'network-object host 51.4.144.174', 'network-object host 51.4.145.38', 'network-object host 51.4.147.81', 'network-object host 51.4.147.233', 'network-object host 51.4.148.12', 'network-object host 51.4.150.145', 'network-object host 51.5.147.242', 'network-object host 51.5.149.100', 'network-object host 51.5.149.119', 'network-object host 51.5.149.123', 'network-object host 51.5.149.180', 'network-object host 51.5.149.186', 'network-object 51.18.0.0 255.255.248.0']
Error sending commands to ASA: Timed-out reading channel, data not available.

Exiting...

Any hints or tipps how to solve this issue myself?

Best regards
Christian