PANW Threat Vault - Signature Search

Initiates a signature search in Palo Alto Networks Threat Vault.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Threat_Vault

Scripts

This playbook does not use any scripts.

Commands

  • threatvault-antivirus-signature-search
  • threatvault-dns-signature-search
  • threatvault-antispyware-signature-search
  • threatvault-signature-search-results

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| signature_name | Signature name to search. | | Optional |
| domain_name | Domain name to search. | | Optional |
| vendor | Vendor name to search. | | Optional |
| cve | CVE name to search. | | Optional |
| from | From which signature to return results (used for paging). Default is 0. | 0 | Optional |
| to | To which signature to return results. Default is from plus 10. | 10 | Optional |
| search_type | Search type. ips for antispyware, dns for DNS and panav for antivirus. | | Required |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| ThreatVault.Search.search_request_id | Search request ID. | String |
| ThreatVault.Search.status | Search status. | String |
| ThreatVault.Search.page_count | How many results returned in this specific search. | Number |
| ThreatVault.Search.total_count | How many results are available for this specific search. | Number |
| ThreatVault.Search.search_type | Search type. Can be either ips, dns or panav. | String |
| ThreatVault.Search.signatures | A list of all the found signatures for this specific search. | Unknown |