Block Indicators - Generic v2

Blocks malicious indicators using all integrations that are enabled, using the following sub-playbooks:

  • Block URL - Generic
  • Block Account - Generic
  • Block IP - Generic v2
  • Block File - Generic v2

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Block URL - Generic
  • Block File - Generic v2
  • Block IP - Generic v2
  • Block Account - Generic

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
IPBlacklistMinerThe name of the IP address blacklist Miner in Minemeld.--Optional
URLBlacklistMinerThe name of the URL blacklist Miner in Minemeld.--Optional
IPThe array of malicious IP addresses to block.IndicatorDBotScoreOptional
URLThe array of malicious URLs to block.IndicatorDBotScoreOptional
UsernameThe array of malicious usernames to block.IndicatorDBotScoreOptional

Playbook Outputs


PathDescriptionType
CheckpointFWRule.DomainThe rule domain.unknown
CheckpointFWRule.EnabledThe rule status.unknown
CheckpointFWRule.NameThe rule name.unknown
CheckpointFWRule.UIDThe rule UID.unknown
CheckpointFWRule.TypeThe rule type.unknown
CheckpointFWRule.DestinationNegateThe rule destination negate status. Can be, "True" or "False".unknown
CheckpointFWRule.ActionThe rule action. Valid values are, "Accept", "Drop", "Apply Layer", "Ask", or "Info".unknown
CheckpointFWRule.DestinationThe rule destination.unknown
CheckpointFWRule.ActionSettingThe rule action settings.unknown
CheckpointFWRule.CustomFieldsThe rule custom fields.unknown
CheckpointFWRule.DataThe rule data.unknown
CheckpointFWRule.DataDirectionThe rule data direction.unknown
CheckpointFWRule.DataNegateThe rule data negate status. Can be, "True" or "False".unknown
CheckpointFWRule.HitsThe rule hits count.unknown
PanoramaRule.DirectionThe direction of the Panorama rule. Can be "to","from", or "both".string
PanoramaRule.IPThe IP address the Panorama rule blocks.string
PanoramaRule.NameThe name of the Panorama rule.string
CheckpointFWRule.Data.NameThe rule data object name.unknown
CheckpointFWRule.Data.DomainThe information about the domain the data object belongs to.unknown
CheckpointFWRule.Domain.NameThe rule domain name.unknown
CheckpointFWRule.Domain.UIDThe rule domain UID.unknown
CheckpointFWRule.Domain.TypeThe rule domain type.unknown
CheckpointFWRule.Hits.FirstDateThe date of the first hit for the rule.unknown
CheckpointFWRule.Hits.LastDateThe date of the last hit for the rule.unknown
CheckpointFWRule.Hits.LevelThe level of rule hits.unknown
CheckpointFWRule.Hits.PercentageThe percentage of rule hitsunknown
CheckpointFWRule.Hits.ValueThe value of rule hits.unknown

Playbook Image


Block_Indicators_Generic_v2