Palo Alto Networks - Malware Remediation

Performs malicious IOC remediation using Palo Alto Networks integrations.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS - Block URL - Custom URL Category
  • PAN-OS - Block IP - Static Address Group
  • PAN-OS DAG Configuration
  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS - Block Domain - External Dynamic List
  • Traps Quarantine Event
  • PAN-OS - Block IP - Custom Block Rule
  • Traps Blacklist File
  • Add Indicator to Miner - Palo Alto MineMeld
  • Traps Isolate Endpoint

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| DAG | Whether the Palo Alto Networks Panorama or Firewall Dynamic Address Groups are used. Specify the Dynamic Address Group tag name for IP address handling. | - | - | Optional |
| CustomURLCategory | Whether the Palo Alto Networks Panorama or Firewall Custom URL Categories are used. Specify the category name for URL handling. | - | - | Optional |
| CustomBlockRule | Whether the Palo Alto Networks Panorama or Firewall Custom Block Rules are used. To use the Custom Block Rules, select "True". | False | - | Optional |
| IPListName | Whether the Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for IP blocking. Specify the EDL name for IP address handling. | - | - | Optional |
| IP | The malicious IP addresses to block. | Address | IP | Optional |
| URL | The malicious URLs to block. | Data | URL | Optional |
| LogForwarding | The Panorama log forwarding object name. | - | - | Optional |
| StaticAddressGroup | Whether the Palo Alto Networks Panorama or Firewall Static Address Groups are used. Specify the static IP address group name for IP address handling. | - | - | Optional |
| Miner | Whether Palo Alto Networks MineMeld is used. Specify the Miner name to update with the malicious indicators. | - | - | Optional |
| AutoCommit | Whether to commit the configuration automatically. Choose "Yes" to commit automatically or "No" to commit manually. | No | - | Optional |
| URLListName | Whether the Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for URL blocking. Specify the EDL name for URL handling. | - | - | Optional |
| EDLServerIP | Whether the Palo Alto Networks Panorama or Firewall External Dynamic Lists are used. The IP address of the web server on which the EDL files are stored. The web server IP address is configured in the integration instance. | - | - | Optional |
| Traps | Whether the Palo Alto Networks Traps remediation will take place. Can be "Yes" or "No". | - | - | Optional |
| EndpointId | The Traps endpoint ID to isolate. | - | - | Optional |
| EventId | The Traps event ID on which to perform file quarantine. | - | - | Optional |
| SHA256 | The SHA256 file hash to blacklist using Traps. | SHA256 | File | Optional |
| DomainListName | Whether the Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for domain blocking. Specify the EDL name for domain handling. | - | - | Optional |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


[Playbook image: Palo_Alto_Networks_Malware_Remediation]