Block IP - Generic

Blocks malicious IP addresses using all integrations that you have enabled.

Supported integrations for this playbook:

  • Check Point Firewall
  • Palo Alto Networks Minemeld
  • Palo Alto Networks Panorama
  • Zscaler

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Add Indicator to Miner - Minemeld

Integrations

  • Zscaler

Scripts

  • PanoramaBlockIP

Commands

  • zscaler-blacklist-ip
  • checkpoint-block-ip

Playbook Inputs


| Name | Description | Required |
| --- | --- | --- |
| IPBlacklistMiner | The name of the IP address blacklist Miner in MineMeld. | Optional |
| IP | The array of malicious IP addresses to block. | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| CheckpointFWRule.Destination | The collection of network objects identified by the name or UID. How much detail is returned depends on the details-level field of the request. This table shows the level of detail shown when details-level is set to standard. | unknown |
| CheckpointFWRule.DestinationNegate | True if negate is set for destination. | unknown |
| PanoramaRule.Direction | The direction of the Panorama rule. Can be "to", "from", or "both". | string |
| PanoramaRule.IP | The IP address the Panorama rule blocks. | string |
| CheckpointFWRule.Name | The object name. This should be unique in the domain. | unknown |
| PanoramaRule.Name | The name of the Panorama rule. | string |
| CheckpointFWRule.UID | The object unique identifier. | unknown |
| PanoramaRule | The list of Panorama rules. | unknown |
| CheckpointFWRule.Type | The type of the object. | unknown |
| CheckpointFWRule.Action | The action: Accept, Drop, Apply Layer, Ask, or Info. How much detail is returned depends on the details-level field of the request. This table shows the level of detail shown when details-level is set to standard. | unknown |
| CheckpointFWRule.ActionSetting | The action settings. | unknown |
| CheckpointFWRule.CustomFields | The custom fields. | unknown |
| CheckpointFWRule.Data | How much detail is returned depends on the details-level field of the request. This table shows the level of detail shown when details-level is set to standard. | unknown |
| CheckpointFWRule.DataDirection | Which direction the file types processing is applied to. | unknown |
| CheckpointFWRule.DataNegate | True if negate is set for data. | unknown |
| CheckpointFWRule.Domain | The information about the domain the object belongs to. | unknown |
| CheckpointFWRule.Enabled | Whether to enable or disable the rule. | unknown |
| CheckpointFWRule.Hits | The hits count object. | unknown |
| CheckpointFWRule.Data.Name | The object name. This should be unique in the domain. | unknown |
| CheckpointFWRule.Data.Domain | The information about the domain the object belongs to. | unknown |
| CheckpointFWRule.Domain.Name | The object name. This should be unique in the domain. | unknown |
| CheckpointFWRule.Domain.UID | The object's unique identifier. | unknown |
| CheckpointFWRule.Domain.Type | The domain type. | unknown |
| CheckpointFWRule.Hits.FirstDate | The first date of hits. | unknown |
| CheckpointFWRule.Hits.LastDate | The last date of hits. | unknown |
| CheckpointFWRule.Hits.Level | The level of hits. | unknown |
| CheckpointFWRule.Hits.Percentage | The percentage of hits. | unknown |
| CheckpointFWRule.Hits.Value | The value of hits. | unknown |

Playbook Image


Block_IP_Generic