IP Whitelist - AWS Security Group

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Sync a list of IP addresses to an AWS Security Group.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • AWS - EC2
  • AWS-EC2


  • Set
  • CompareLists


  • removeIndicatorField
  • aws-ec2-describe-security-groups
  • aws-ec2-revoke-security-group-ingress-rule
  • setIndicator
  • aws-ec2-authorize-security-group-ingress-rule

Playbook Inputs

NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
IPIP addresses to set in the allow listRequired
SecurityGroupNameName of the AWS Security Group to updateRequired
IndicatorTagNameName of the Indicator Tag to apply to any IPs allowed by this playbook.AWS_IP_WhitelistRequired

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

IP Whitelist - AWS Security Group