PANW - Hunting and threat detection by indicator type

Deprecated

Use the "PANW - Hunting and threat detection by indicator type V2" playbook instead.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Autofocus Query Samples, Sessions and Tags
  • PAN-OS Query Logs For Indicators
  • Convert file hash to corresponding hashes

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

  • cortex-query-analytics-logs
  • cortex-query-traps-logs
  • cortex-query-threat-logs
  • cortex-query-traffic-logs

Playbook Inputs


Name          | Description                                  | Default Value   | Source | Required
SHA256        | The SHA256 hash of the indicator to hunt.    | SHA256          | File   | Optional
MD5           | The MD5 hash of the indicator to hunt.       | MD5             | File   | Optional
SHA1          | The SHA1 hash of the indicator to hunt.      | SHA1            | File   | Optional
IP addresses  | The list of IP addresses.                    | ${IP.Address}   | -      | Optional
Domain        | The list of domains or URLs.                 | ${Domain.Name}  | -      | Optional
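The inputs above are keyed by indicator type, so a hunt that starts from a mixed list of raw indicators (a report, a ticket, a CSV) first has to sort each value into the right bucket. The helper below is an added example, not code from this playbook or from the Cortex XSOAR content pack: it classifies hashes by length, IP addresses via the standard library, and domains or URLs by a hostname check, handles defanged forms such as `198.51.100[.]23` and `hxxps://`, deduplicates, and returns the values grouped under the playbook input names. The indicator list and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Hash digest lengths (hex characters) mapped to the playbook input names.
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# Hostname: one or more labels (letters, digits, inner hyphens) plus a TLD.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample input (not real IoCs): a mix of indicator types,
# uppercase/defanged forms, a duplicate and one unusable value.
SAMPLE_INDICATORS = [
    "D41D8CD98F00B204E9800998ECF8427E",                                   # MD5, uppercase
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",                           # SHA1
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",   # SHA256
    "198.51.100[.]23",                                                    # defanged IP
    "hxxps://malicious.example[.]net/payload.bin",                        # defanged URL
    "bad.example.org",
    "bad.example.org",                                                    # duplicate
    "not an indicator",
]


def classify_indicator(value):
    """Return (playbook_input_name, normalized_value), or (None, value) if unrecognized."""
    v = value.strip().lower()
    # File hashes: hex string whose length identifies the algorithm.
    if HEX_RE.match(v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)], v
    # Refang the common report notations before network checks.
    v = v.replace("[.]", ".").replace("hxxp", "http")
    try:
        return "IP addresses", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    # The Domain input accepts URLs too; hunt on the hostname part only.
    if "://" in v:
        host = urlparse(v).hostname or ""
        if DOMAIN_RE.match(host):
            return "Domain", host
        return None, value
    if DOMAIN_RE.match(v):
        return "Domain", v
    return None, value


def build_playbook_inputs(indicators):
    """Group indicators under the playbook input names, deduplicated, preserving order.

    Returns (inputs, unrecognized) so that values that could not be typed are
    surfaced for manual review instead of being silently dropped.
    """
    inputs = {"SHA256": [], "MD5": [], "SHA1": [], "IP addresses": [], "Domain": []}
    unrecognized = []
    for raw in indicators:
        bucket, norm = classify_indicator(raw)
        if bucket is None:
            unrecognized.append(raw)
        elif norm not in inputs[bucket]:
            inputs[bucket].append(norm)
    return inputs, unrecognized


if __name__ == "__main__":
    grouped, leftovers = build_playbook_inputs(SAMPLE_INDICATORS)
    for name, values in grouped.items():
        print(f"{name}: {values}")
    print(f"unrecognized: {leftovers}")
```

The returned dictionary keys match the input names in the table, so each list can be passed straight to the corresponding playbook input; the "unrecognized" list is worth reviewing before a hunt, since a mistyped hash or a bare path will otherwise never be searched.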

Playbook Outputs


Path           | Description                                                         | Type
detectedips    | The IP address or array of IP addresses that were detected during hunting. | string
detectedhosts  | The host or array of hosts that were detected during hunting.       | string
detectedusers  | The user or array of users that were detected during hunting.       | string
trapsid        | The ID or array of IDs for Traps hosts detected in the searches.    | string

Playbook Image

[Playbook image: PANW_Hunting_and_threat_detection_by_indicator_type]