TIM - Add All Indicator Types To SIEM

This playbook runs sub playbooks that send indicators to your SIEM. To select the indicators you want to add, go to playbook inputs, choose “from indicators” and set your query. For example tags:approved_black, approved_white etc. The purpose of the playbook is to send to SIEM only indicators that have been processed and tagged accordingly after an automatic or manual review process. The default playbook query is" (type:ip or type:file or type:Domain or type:URL) -tags:pending_review and (tags:approved_black or tags:approved_white or tags:approved_watchlist)" In case more indicator types need to be sent to the SIEM, the query must be edited accordingly.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

TIM - Add IP Indicators To SIEM
TIM - Add Bad Hash Indicators To SIEM
TIM - Add Domain Indicators To SIEM
TIM - Add Url Indicators To SIEM

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

Name	Description	Default Value	Required
Indicator Query	Indicators matching the indicator query will be used as playbook input	(type:ip or type:file or type:Domain or type:URL) -tags:pending_review and (tags:approved_black or tags:approved_white or tags:approved_watchlist)	Optional

Playbook Outputs

There are no outputs for this playbook.

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

TIM - Add All Indicator Types To SIEM

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image