Create Dynamic Attributes Filters

Dynamic attributes filters that you define using the Cisco Secure Dynamic Attributes Connector are exposed in the CDO as dynamic objects that can be used in access control policies. For example, you could restrict access to an AWS server for the Finance Department to only members of the Finance group defined in Microsoft Active Directory.

Note

You cannot create dynamic attributes filters for AWS, Azure, Azure Service Tags, Cisco Multicloud Defense, Generic Text, GitHub, Google Cloud, Outlook 365, vCenter, Webex, and Zoom. These types of cloud objects provide their own IP addresses.

For more information about access control rules, see Create Access Control Rules Using Dynamic Attributes Filters.

Before you begin

Complete all of the following tasks:

Procedure


Step 1

Click Tools & Services > Dynamic Attributes Connector > Dynamic Attributes Filters.

Step 2

Click Dynamic Attributes Filters.

Step 3

Do any of the following:

  • Add a new filter: click the Add icon

  • Edit a filter: click the Edit icon

  • Delete a filter: click the Delete icon

Step 4

Enter the following information.

Item

Description

Name

Unique name to identify the dynamic filter (as a dynamic object) in access control policy and in the CDO Object Manager (External Attributes > Dynamic Object).

Connector

From the list, click the name of a connector to use.

Query

  • Add a new filter: click the Add icon

  • Edit a filter: click the Edit icon

  • Delete a filter: click the Delete icon

Step 5

To add or edit a query, enter the following information.

Item

Description

Key

Click a key from the list. Keys are fetched from the connector.

Operation

Click one of the following:
  • Equals to exactly match the key to the value.

  • Contains to match the key to the value if any part of the value matches.

Values

Click either Any or All and click one or more values from the list. Click Add another value to add values to your query.

Step 6

Click Show Preview to display a list of networks or IP addresses returned by your query.

Step 7

When you're finished, click Save.

Step 8

(Optional.) Verify the dynamic object in the CDO.

  1. Log in to the CDO.

  2. Click Policies > FTD Policies.

  3. Click Objects > Object Management.

  4. In the left pane, click External Attributes > Dynamic Object.

    The dynamic attribute query you created should be displayed as a dynamic object.
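
The query semantics from Step 5 and the preview check from Step 6 can be modelled locally to review a filter before it feeds an access control rule. This is an added example, not Cisco code or the connector's implementation. It assumes Contains is a substring match and that Any / All mean at least one / every value must match; the inventory, attribute keys and IP addresses are constructed.

```python
# Added illustration: models the Step 5 query semantics locally.
# Not the connector's implementation; inventory and names are constructed.

def value_matches(attr, operation, value):
    """Equals: exact match. Contains: substring match (assumed reading)."""
    if operation == "equals":
        return attr == value
    if operation == "contains":
        return value in attr
    raise ValueError(f"unknown operation: {operation}")

def preview(inventory, key, operation, values, mode="any"):
    """Return sorted IPs of workloads whose `key` attribute satisfies the query.

    mode="any": at least one value matches; mode="all": every value matches
    (assumed meaning of the Any / All choice in Step 5).
    """
    if not values:
        return []  # fail closed: an empty query selects nothing
    combine = {"any": any, "all": all}[mode]
    hits = []
    for workload in inventory:
        attr = workload["attrs"].get(key)
        if attr is None:
            continue  # workloads without the key never match
        if combine(value_matches(attr, operation, v) for v in values):
            hits.append(workload["ip"])
    return sorted(hits)

# Constructed sample inventory (hypothetical keys, values, documentation IPs).
INVENTORY = [
    {"ip": "192.0.2.10", "attrs": {"department": "finance"}},
    {"ip": "192.0.2.11", "attrs": {"department": "finance-contractors"}},
    {"ip": "192.0.2.12", "attrs": {"department": "engineering"}},
    {"ip": "192.0.2.13", "attrs": {"name": "finance-db"}},
]

def unexpected_members(inventory, key, operation, values, mode, approved):
    """IPs the query returns that are not on the reviewer's approved list."""
    found = preview(inventory, key, operation, values, mode)
    return sorted(set(found) - set(approved))

if __name__ == "__main__":
    print(preview(INVENTORY, "department", "equals", ["finance"]))
    print(preview(INVENTORY, "department", "contains", ["finance"]))
    print(unexpected_members(INVENTORY, "department", "contains",
                             ["finance"], "any", ["192.0.2.10"]))
```

In this constructed inventory, Contains admits the finance-contractors workload that Equals excludes, which is the kind of difference the Step 6 preview is there to catch before the filter is saved.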