Block IP - Generic v2

Blocks malicious IP addresses using all integrations that are enabled.

Supported integrations for this playbook:

  • Check Point Firewall
  • Palo Alto Networks Minemeld
  • Palo Alto Networks PAN-OS
  • Zscaler

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS DAG Configuration
  • PAN-OS - Block IP - Static Address Group
  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS - Block IP - Custom Block Rule
  • Add Indicator to Miner - Minemeld

Integrations

  • Zscaler

Scripts

This playbook does not use any scripts.

Commands

  • checkpoint-block-ip
  • zscaler-blacklist-ip

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IPBlacklistMiner | The name of the IP address blacklist Miner in Minemeld. | - | Optional |
| IP | The malicious IP addresses to block. | - | Optional |
| CustomBlockRule | This input determines whether Palo Alto Networks Panorama or Firewall Custom Block Rules are used. Specify True to use Custom Block Rules. | True | Optional |
| LogForwarding | The Panorama log forwarding object name. | - | Optional |
| AutoCommit | This input determines whether to commit the configuration automatically. Yes - Commit automatically. No - Commit manually. | No | Optional |
| StaticAddressGroup | This input determines whether Palo Alto Networks Panorama or Firewall Static Address Groups are used. Specify the Static Address Group name for IP address handling. | - | Optional |
| IPListName | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for blocking IP addresses. Specify the EDL name for IP address handling. | - | Optional |
| EDLServerIP | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used: The IP address of the web server on which the files are stored. The web server IP address is configured in the integration instance. | - | Optional |
| DAG | This input determines whether Palo Alto Networks Panorama or Firewall Dynamic Address Groups are used. Specify the Dynamic Address Group tag name for IP address handling. | - | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| CheckpointFWRule.Destination | The rule destination. | unknown |
| CheckpointFWRule.DestinationNegate | The rule destination negate status. Can be "True" or "False". | unknown |
| PanoramaRule.Direction | The direction of the Panorama rule. Can be "to", "from", or "both". | string |
| PanoramaRule.IP | The IP address the Panorama rule blocks. | string |
| CheckpointFWRule.Name | The rule name. | unknown |
| PanoramaRule.Name | The name of the Panorama rule. | string |
| CheckpointFWRule.UID | The rule's UID. | unknown |
| PanoramaRule | The list of Panorama rules. | unknown |
| CheckpointFWRule.Type | The rule type. | unknown |
| CheckpointFWRule.Action | The rule action. Valid values are "Accept", "Drop", "Apply Layer", "Ask", or "Info". | unknown |
| CheckpointFWRule.ActionSetting | The rule action settings. | unknown |
| CheckpointFWRule.CustomFields | The rule custom fields. | unknown |
| CheckpointFWRule.Data | The rule data. | unknown |
| CheckpointFWRule.DataDirection | The rule data direction. | unknown |
| CheckpointFWRule.DataNegate | The rule data negate status. Can be "True" or "False". | unknown |
| CheckpointFWRule.Domain | The rule domain. | unknown |
| CheckpointFWRule.Enabled | The rule status. | unknown |
| CheckpointFWRule.Hits | The rule hits count. | unknown |
| CheckpointFWRule.Data.Name | The rule data object name. | unknown |
| CheckpointFWRule.Data.Domain | The information about the domain the data object belongs to. | unknown |
| CheckpointFWRule.Domain.Name | The rule domain name. | unknown |
| CheckpointFWRule.Domain.UID | The rule domain UID. | unknown |
| CheckpointFWRule.Domain.Type | The rule domain type. | unknown |
| CheckpointFWRule.Hits.FirstDate | The date of the first hit for the rule. | unknown |
| CheckpointFWRule.Hits.LastDate | The date of the last hit for the rule. | unknown |
| CheckpointFWRule.Hits.Level | The level of rule hits. | unknown |
| CheckpointFWRule.Hits.Percentage | The percentage of rule hits. | unknown |
| CheckpointFWRule.Hits.Value | The value of rule hits. | unknown |

Playbook Image


Block_IP_Generic_v2