TIM - Process Indicators Against Organizations External IP List

This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the organizational External IP addresses, and tags the indicators accordingly.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

  • FilterByList
  • SetAndHandleEmpty

Commands

  • appendIndicatorField

Playbook Inputs


NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
OrganizationsExternalIPListNameA Cortex XSOAR list containing the organization's External IP address values. IP Indicators that appear in the list are tagged as organizations external ip.Optional

Playbook Outputs


PathDescriptionType
OrganizationExternalIPIP addresses that are found in the organization's external IP list.string
NotOrganizationExternalIPIP addresses that are not found in the organization's external IP list.string

Playbook Image


Playbook Image