Block IOCs from CSV - External Dynamic List

Parses a CSV file with IOCs and blocks them using Palo Alto Networks External Dynamic Lists.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS - Block Domain - External Dynamic List
  • Add Indicator to Miner - Palo Alto MineMeld

Integrations

This playbook does not use any integrations.

Scripts

  • ParseCSV

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IPColumn | The column number that contains IP addresses. (First column is column 0). | - | Optional |
| DomainColumn | The column number that contains domains. (First column is column 0). | - | Optional |
| FileColumn | The column number that contains hashes. (First column is column 0). | - | Optional |
| Miner | The Miner name to upload the indicators to in MineMeld. | - | Optional |
| IPListName | The IP address list from the instance context with which to override the remote file. | Demisto Remediation - IP EDL | Optional |
| DomainListName | The domain list from the instance context with which to override the remote file. | Demisto Remediation - Domain EDL | Optional |
| EDLServerIP | The EDL server IP address. | - | Optional |
| LogForwarding | The log forwarding object name. | - | Optional |
| AutoCommit | Whether to commit the configuration automatically. Yes - Commit automatically. No - Commit manually. | No | Optional |
| pre-post-rulebase | Either pre-rulebase or post-rulebase, according to the rule structure. | pre-rulebase | Optional |
| rule-position | The position of the rule in the ruleset. Valid values are "Top", "Bottom", "Before", or "After". | Top | Optional |
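
Added example (not the playbook's or the ParseCSV script's own code): a sketch of zero-based column selection as IPColumn and DomainColumn describe it, with validation before entries reach a block list. The function names, the PROTECTED ranges and the sample rows are assumptions made for illustration; only the IP and domain columns are covered.

```python
import csv
import io
import ipaddress
import re

# Constructed sample rows (documentation address ranges and example domains).
SAMPLE_CSV = """\
198.51.100.7,bad.example.com,d41d8cd98f00b204e9800998ecf8427e
203.0.113.0/24,EVIL.example.net.,
not-an-ip,under_score.example,
10.0.0.5,bad.example.com,
198.51.100.7,,
"""
# Assumption: site-defined ranges that must never land on a block list.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def clean_ip(value):
    """Return a normalized IP/CIDR entry, or None if invalid or protected."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None
    if any(net.overlaps(p) for p in PROTECTED):
        return None  # also rejects catch-all ranges such as 0.0.0.0/0
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def clean_domain(value):
    """Lower-case, drop a trailing dot, accept only well-formed hostnames."""
    value = value.lower().rstrip(".")
    return value if DOMAIN_RE.match(value) else None

def build_edl_lists(csv_text, ip_column=None, domain_column=None):
    """Select by zero-based column; return (ip_list, domain_list, rejected)."""
    ips, domains, rejected = [], [], []
    columns = (("ip", ip_column, clean_ip, ips),
               ("domain", domain_column, clean_domain, domains))
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for kind, col, clean, out in columns:
            if col is None or col >= len(row) or not row[col].strip():
                continue  # column not configured, or empty cell
            raw = row[col].strip()
            value = clean(raw)
            if value is None:
                rejected.append((row_no, kind, raw))  # keep for analyst review
            elif value not in out:
                out.append(value)  # de-duplicate, keep first-seen order
    # One entry per line, the plain-text form an EDL source file uses.
    return "\n".join(ips), "\n".join(domains), rejected
```

Reviewing the rejected list before committing shows which CSV rows were malformed or pointed at protected address space.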

Playbook Outputs


There are no outputs for this playbook.
