Skip to main content

Cloudflare WAF

This Integration is part of the Cloudflare WAF Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Cloudflare WAF integration allows customers to manage firewall rules, filters, and IP-lists. It also allows to retrieve zones list for each account. This integration was integrated and tested with version 4 of CloudflareWAF

Configure Cloudflare WAF on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Cloudflare WAF.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    User TokenTrue
    PasswordTrue
    Account IDAccount identifier.True
    PasswordTrue
    Default Zone IDThe domain identifier. Zone ID can be override when executing commands.The domain identifier. Zone ID can be override when executing commands.False
    PasswordFalse
    Use system proxy settingsFalse
    Trust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

cloudflare-waf-firewall-rule-create#


Create a new firewall rule that create new filter or use an exist filter.

Base Command#

cloudflare-waf-firewall-rule-create

Input#

Argument NameDescriptionRequired
actionThe rule action. Possible values are: block, challenge, js_challenge, managed_challenge, allow, log, bypass.Required
filter_idIdentifier of an existing filter. Required if filter_expression is unspecified.Optional
filter_expressionFilter expression when creating a filter for a new rule. Required if filter_id is unspecified. Expression example: "(ip.src eq 120.2.2.8) or (ip.src in $list_name)". For syntax explanations and more examples: https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/.Optional
productsComma separated list of products to bypass for a request when the bypass action is used. Valid values: zoneLockdown, uaBlock, bic, hot, securityLevel, rateLimit, waf. Possible values are: zoneLockdown, uaBlock, bic, hot, securityLevel, rateLimit, waf.Optional
priorityThe priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
min value: 0.
max value: 2147483647.
Optional
pausedWhether this firewall rule is currently paused. Possible values are: True, False.Optional
descriptionA description of the rule to help identify it.Optional
refShort reference tag to quickly select related rules.Optional
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

PathTypeDescription
CloudflareWAF.FirewallRule.idStringFirewall rule ID.
CloudflareWAF.FirewallRule.priorityunknownThe priority of the rule to allow control of processing order.
CloudflareWAF.FirewallRule.actionunknownThe action of the rule.
CloudflareWAF.FirewallRule.productsunknownList of products to bypass for a request when the bypass action is used.
CloudflareWAF.FirewallRule.pausedBooleanWhether this firewall rule is currently paused.
CloudflareWAF.FirewallRule.descriptionStringA description of the rule to help identify it.
CloudflareWAF.FirewallRule.refStringShort reference tag to quickly select related rules.

Command example#

!cloudflare-waf-firewall-rule-create action=allow filter_expression="(ip.src eq 120.2.2.8)"

Context Example#

{
"CloudflareWAF": {
"FirewallRule": {
"action": "allow",
"created_on": "2022-05-02T08:00:59Z",
"filter": {
"expression": "(ip.src eq 120.2.2.8)",
"id": "2e740a75f2904b8e8df8e4fb36de1563",
"paused": false
},
"id": "8da08f6f0c214e378e7847e420ec7965",
"index": 4,
"modified_on": "2022-05-02T08:00:59Z",
"paused": false
}
}
}

Human Readable Output#

Firewall rule was successfully created.#

IdActionFilter IdFilter ExpressionProductsPriorityPausedDescriptionRef
8da08f6f0c214e378e7847e420ec7965allow2e740a75f2904b8e8df8e4fb36de1563(ip.src eq 120.2.2.8)false

cloudflare-waf-firewall-rule-update#


Update firewall rule by the specified rule ID. Can update rule action, paused, description, priority, products and ref. Can not update or delete rule filter, ONLY add a new filter.

Base Command#

cloudflare-waf-firewall-rule-update

Input#

Argument NameDescriptionRequired
idFirewall Rule identifier. .Required
actionThe exist rule action or the new rule action to set. Possible values are: block, challenge, js_challenge, managed_challenge, allow, log, bypass.Required
filter_idThe ID of the exist rule filter or the ID of the new filter to set.Required
productsList of products to bypass for a request when the bypass action is used (comma separated list). Valid values: zoneLockdown, uaBlock, bic, hot, securityLevel, rateLimit, waf. Possible values are: zoneLockdown, uaBlock, bic, hot, securityLevel, rateLimit, waf.Optional
priorityThe priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
min value: 0.
max value: 2147483647.
Optional
pausedWhether this firewall rule is currently paused. Possible values are: true, false.Optional
descriptionA description of the rule to help identify it.Optional
refShort reference tag to quickly select related rules.Optional
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

There is no context output for this command.

cloudflare-waf-firewall-rule-delete#


Delete firewall rule by the specified rule ID.

Base Command#

cloudflare-waf-firewall-rule-delete

Input#

Argument NameDescriptionRequired
idFirewall Rule identifier. .Required
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

There is no context output for this command.

Command example#

!cloudflare-waf-firewall-rule-delete id="93657f595665493bbfcf3664edfca130"

Human Readable Output#

Firewall rule 93657f595665493bbfcf3664edfca130 was successfully deleted.

cloudflare-waf-firewall-rule-list#


List of firewall rules or details of individual rule by ID.

Base Command#

cloudflare-waf-firewall-rule-list

Input#

Argument NameDescriptionRequired
idFirewall Rule identifier. .Optional
actionThe rule action. Possible values are: block, challenge, js_challenge, managed_challenge, allow, log, bypass.Optional
pausedWhether this firewall rule is currently paused. Possible values are: true, false.Optional
descriptionA description of the rule to help identify it.Optional
pagePage number of paginated results.
min value: 1.
Optional
page_sizeNumber of firewall rules per page. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15.Optional
limitThe maximum number of records to retrieve. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15. Default is 50.Optional
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

PathTypeDescription
CloudflareWAF.FirewallRule.idStringFirewall Rule identifier.
CloudflareWAF.FirewallRule.actionStringThe rule action.
CloudflareWAF.FirewallRule.pausedBooleanWhether this firewall rule is currently paused.
CloudflareWAF.FirewallRule.descriptionStringRule description.
CloudflareWAF.FirewallRule.Filter.idStringRule filter id.
CloudflareWAF.FirewallRule.Filter.expressionStringRule filter expression.
CloudflareWAF.FirewallRule.Filter.pausedBooleanWhether this rule filter is currently paused.
CloudflareWAF.FirewallRule.Filter.descriptionStringDescription of the rule filter.
CloudflareWAF.FirewallRule.Filter.refStringShort reference tag.

Command example#

!cloudflare-waf-firewall-rule-list

Context Example#

{
"CloudflareWAF": {
"FirewallRule": [
{
"action": "block",
"description": null,
"filter_expression": "(cf.client.bot)",
"filter_id": "2aafaaea87da44ffa0929c115d2bebfc",
"id": "47c7b26db654427d98235705abfcf32e",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"action": "block",
"description": null,
"filter_expression": "(ip.src eq 120.2.2.8)",
"filter_id": "a8e2887c7e484e0d84b0571e1e1ecc4a",
"id": "de4fba698eb347f59e202306b46880a5",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"action": "block",
"description": null,
"filter_expression": "(ip.src eq 120.2.2.8)",
"filter_id": "c092787d60b54f06b270ab4cb22edd54",
"id": "c643071e10694fecb194c95d80c64706",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"action": "block",
"description": null,
"filter_expression": "(ip.src eq 120.2.2.8)",
"filter_id": "3d6ea4fe88614d3c99d9f11da5b84b62",
"id": "45a16a6ed90349db851eda214188f47a",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
}
]
}
}

Human Readable Output#

Firewall rule list#

Showing 4 rows out of 4. |Id|Action|Paused|Description|Filter Id|Filter Expression| |---|---|---|---|---|---| | 47c7b26db654427d98235705abfcf32e | block | false | | 2aafaaea87da44ffa0929c115d2bebfc | (cf.client.bot) | | de4fba698eb347f59e202306b46880a5 | block | false | | a8e2887c7e484e0d84b0571e1e1ecc4a | (ip.src eq 120.2.2.8) | | c643071e10694fecb194c95d80c64706 | block | false | | c092787d60b54f06b270ab4cb22edd54 | (ip.src eq 120.2.2.8) | | 45a16a6ed90349db851eda214188f47a | block | false | | 3d6ea4fe88614d3c99d9f11da5b84b62 | (ip.src eq 120.2.2.8) |

cloudflare-waf-filter-create#


Create a new filter which can be added to a firewall rule.

Base Command#

cloudflare-waf-filter-create

Input#

Argument NameDescriptionRequired
expressionThe filter expression to be used. Expression example: "(ip.src eq 120.2.2.8) or (ip.src in $list_name)". For syntax explanations and more examples: https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/.Required
refShort reference tag to quickly select related rules.Optional
pausedWhether this filter is currently paused. Possible values are: true, false.Optional
descriptionA note that you can use to describe the purpose of the filter.Optional
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

PathTypeDescription
CloudflareWAF.Filter.idStringFilter identifier.
CloudflareWAF.Filter.expressionStringThe filter expression to be used.
CloudflareWAF.Filter.pausedBooleanWhether this filter is currently paused.
CloudflareWAF.Filter.descriptionStringA note that describe the purpose of the filter.
CloudflareWAF.Filter.refStringShort reference tag to quickly select related rules.

Command example#

!cloudflare-waf-filter-create expression="(ip.src eq 120.2.2.8)"

Context Example#

{
"CloudflareWAF": {
"Filter": [
{
"expression": "(ip.src eq 120.2.2.8)",
"id": "02f3f01de4644c31a048d4b837145162",
"paused": false
},
{
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
}
]
}
}

Human Readable Output#

Filter was successfully created.#

IdExpressionPausedDescriptionRef
02f3f01de4644c31a048d4b837145162(ip.src eq 120.2.2.8)false

cloudflare-waf-filter-update#


Update filter by the specified filter ID.

Base Command#

cloudflare-waf-filter-update

Input#

Argument NameDescriptionRequired
idFilter identifier. . Possible values are: .Required
expressionThe filter expression to be used. Expression example: "(ip.src eq 120.2.2.8) or (ip.src in $list_name)".Required
refShort reference tag to quickly select related rules.Optional
pausedWhether this filter is currently paused. Possible values are: true, false.Optional
descriptionA note that you can use to describe the purpose of the filter.Optional
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

There is no context output for this command.

cloudflare-waf-filter-delete#


Delete an exist filter (Note that a filter linked to firewall rule cannot be deleted).

Base Command#

cloudflare-waf-filter-delete

Input#

Argument NameDescriptionRequired
filter_idThe filter ID.Required
zone_idZone identifier. The initialization will override the value set in the instance.Optional

Context Output#

There is no context output for this command.

Command example#

!cloudflare-waf-filter-delete filter_id="c8bf98553afd4522bde108f600d8a794"

Human Readable Output#

Filter c8bf98553afd4522bde108f600d8a794 was successfully deleted.

cloudflare-waf-filter-list#


List filters.

Base Command#

cloudflare-waf-filter-list

Input#

Argument NameDescriptionRequired
idFilter identifier. .Optional
expressionThe filter expression to be used.Optional
refShort reference tag to quickly select related rules.Optional
pausedWhether this filter is currently paused. Possible values are: true, false.Optional
descriptionA note that you can use to describe the purpose of the filter.Optional
pagePage number of paginated results.
min value: 1.
Optional
page_sizeNumber of filter based firewall rules per page. The argument accepts values ‚Äč‚Äčdivided by 5.
Minimum value 5.
Maximum value 100.
For example: 5,10,15.
Optional
limitThe maximum number of records to retrieve. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15. Default is 50.Optional
zone_idZone identifier. If provided, it will override the value set in the instance.Optional

Context Output#

PathTypeDescription
CloudflareWAF.Filter.idStringFilter identifier.
CloudflareWAF.Filter.expressionStringThe filter expression.
CloudflareWAF.Filter.descriptionStringDescription of the filter purpose.
CloudflareWAF.Filter.pausedBooleanWhether this filter is currently paused.
CloudflareWAF.Filter.refStringShort reference tag.

Command example#

!cloudflare-waf-filter-list

Context Example#

{
"CloudflareWAF": {
"Filter": [
{
"expression": "(ip.src eq 120.2.2.8)",
"id": "c092787d60b54f06b270ab4cb22edd54",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"expression": "(ip.src eq 120.2.2.8)",
"id": "cdbbc2fc50d84e07bec72e213642d293",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"expression": "(ip.src eq 120.2.2.8)",
"id": "dc6eb4ff230648ecabf7c3f0c159d3b5",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
},
{
"expression": "(ip.src eq 120.2.2.8)",
"id": "2c18e08324b345feade9003b68fc5762",
"paused": false,
"zone_id": "e18cd14b21c8282bec11cabec5c4dbf9"
}
]
}
}

Human Readable Output#

Filter list#

Showing 50 rows out of 93. |Id|Expression|Ref|Description|Paused| |---|---|---|---|---| | c092787d60b54f06b270ab4cb22edd54 | (ip.src eq 120.2.2.8) | | | false | | 3b997e7e24bd48598870f02560e26044 | (ip.src eq 120.2.2.8) | | | false | | 3d6ea4fe88614d3c99d9f11da5b84b62 | (ip.src eq 120.2.2.8) | | | false | | f368d129d8fa4c97ad62fd4024bf63f9 | (ip.src eq 120.2.2.8) | | | false |

cloudflare-waf-zone-list#


List all account zones.

Base Command#

cloudflare-waf-zone-list

Input#

Argument NameDescriptionRequired
matchWhether to match all search requirements or at least one (any). Possible values are: any, all. Default is all.Optional
nameA domain name.Optional
account_nameAccount name.Optional
account_idAccount identifier tag.Optional
statusStatus of the zone. Possible values are: active, pending, initializing, moved, deleted, deactivated, read only.Optional
orderField to order zones by. Possible values are: name, status, account.id, account.name.Optional
directionDirection to order zones. Possible values are: asc, desc.Optional
pagePage number of paginated results. Default value: 1, min value: 1.Optional
page_sizeNumber of zones per page. The argument accepts values ‚Äč‚Äčdivided by 5.
Minimum value 5.
Maximum value 100.
For example: 5,10,15.
Optional
limitThe maximum number of records to retrieve. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15. Default is 50.Optional

Context Output#

PathTypeDescription
CloudflareWAF.Zone.successBooleanThe status of the request (true or false).
CloudflareWAF.Zone.idStringThe zone ID.
CloudflareWAF.Zone.nameStringA domain name.
CloudflareWAF.Zone.development_modeIntegerDevelopment mode.
CloudflareWAF.Zone.original_name_serversDataOriginal name servers.
CloudflareWAF.Zone.original_registrarStringOriginal registrar.
CloudflareWAF.Zone.original_dnshostStringOriginal DNS host.
CloudflareWAF.Zone.created_onDateZone created date.
CloudflareWAF.Zone.modified_onDateZone modified date.
CloudflareWAF.Zone.activated_onDateZone activated date.
CloudflareWAF.Zone.statusStringStatus of the zone.
CloudflareWAF.Zone.pausedBooleanWhether this zone is currently paused.
CloudflareWAF.Zone.typeStringShort reference tag.
CloudflareWAF.Zone.permissionsDataList of zone permissions.
CloudflareWAF.Zone.AccountDataAccount details.
CloudflareWAF.Zone.ownerDataThe zone owner details.
CloudflareWAF.Zone.name_serversDataZone servers names.

Command example#

!cloudflare-waf-zone-list

Context Example#

{
"CloudflareWAF": {
"Zone": [
{
"account": {
"id": "67fb88dc5eb69bd55969cea954c75cea",
"name": "email@email.com"
},
"activated_on": "2021-12-08T07:54:43.676430Z",
"created_on": "2021-12-01T12:50:43.250444Z",
"development_mode": 0,
"id": "d185f37563270905ae2e587e5bc6c9dd",
"meta": {
"custom_certificate_quota": 0,
"multiple_railguns_allowed": false,
"page_rule_quota": 30,
"phishing_detected": false,
"step": 2
},
"modified_on": "2021-12-08T07:54:43.676430Z",
"name": "fortresscyber.io",
"name_servers": [
"earl.ns.cloudflare.com",
"monroe.ns.cloudflare.com"
],
"original_dnshost": null,
"original_name_servers": [
"ns-669.awsdns-19.net",
"ns-1219.awsdns-24.org",
"ns-64.awsdns-08.com",
"ns-1907.awsdns-46.co.uk"
],
"original_registrar": "namecheap, inc. (id: 1068)",
"owner": {
"email": "email@email.com",
"id": "b295c6a5f2897c4f1a1c42ebeeb079",
"type": "user"
},
"paused": false,
"permissions": [
"#access:edit",
"#access:read",
"#analytics:read",
"#app:edit",
"#auditlogs:read",
"#billing:read",
"#cache_purge:edit",
"#dns_records:edit",
"#dns_records:read",
"#healthchecks:edit",
"#healthchecks:read",
"#lb:edit",
"#lb:read",
"#legal:read",
"#logs:edit",
"#logs:read",
"#member:read",
"#organization:edit",
"#organization:read",
"#ssl:edit",
"#ssl:read",
"#stream:edit",
"#stream:read",
"#subscription:edit",
"#subscription:read",
"#teams:edit",
"#teams:read",
"#teams:report",
"#waf:edit",
"#waf:read",
"#waitingroom:edit",
"#waitingroom:read",
"#webhooks:edit",
"#webhooks:read",
"#worker:edit",
"#worker:read",
"#zaraz:edit",
"#zaraz:read",
"#zone:edit",
"#zone:read",
"#zone_settings:edit",
"#zone_settings:read"
],
"plan": {
"can_subscribe": false,
"currency": "USD",
"externally_managed": false,
"frequency": "",
"id": "a577b510288e82b26486fd1df47000ec",
"is_subscribed": true,
"legacy_discount": false,
"legacy_id": "pro",
"name": "Pro Website",
"price": 0
},
"status": "active",
"type": "full"
},
{
"account": {
"id": "67fb88dc5eb69bd55969cea954c75cea",
"name": "email@email.com"
},
"activated_on": "2022-01-30T11:04:53.255562Z",
"created_on": "2022-01-30T10:47:46.393968Z",
"development_mode": 0,
"id": "e0fb31cf064ac5fc55377bf9e16d40ee",
"meta": {
"custom_certificate_quota": 0,
"multiple_railguns_allowed": false,
"page_rule_quota": 3,
"phishing_detected": false,
"step": 2
},
"modified_on": "2022-01-30T11:04:53.255562Z",
"name": "stronghold.services",
"name_servers": [
"earl.ns.cloudflare.com",
"monroe.ns.cloudflare.com"
],
"original_dnshost": null,
"original_name_servers": [
"dns1.registrar-servers.com",
"dns2.registrar-servers.com"
],
"original_registrar": "namecheap, inc. (id: 1068)",
"owner": {
"email": "email@email.com",
"id": "b295c6a5f2897c4f1a1c42ebeeb079",
"type": "user"
},
"paused": false,
"permissions": [
"#access:edit",
"#access:read",
"#analytics:read",
"#app:edit",
"#auditlogs:read",
"#billing:read",
"#cache_purge:edit",
"#dns_records:edit",
"#dns_records:read",
"#healthchecks:edit",
"#healthchecks:read",
"#lb:edit",
"#lb:read",
"#legal:read",
"#logs:edit",
"#logs:read",
"#member:read",
"#organization:edit",
"#organization:read",
"#ssl:edit",
"#ssl:read",
"#stream:edit",
"#stream:read",
"#subscription:edit",
"#subscription:read",
"#teams:edit",
"#teams:read",
"#teams:report",
"#waf:edit",
"#waf:read",
"#waitingroom:edit",
"#waitingroom:read",
"#webhooks:edit",
"#webhooks:read",
"#worker:edit",
"#worker:read",
"#zaraz:edit",
"#zaraz:read",
"#zone:edit",
"#zone:read",
"#zone_settings:edit",
"#zone_settings:read"
],
"plan": {
"can_subscribe": false,
"currency": "USD",
"externally_managed": false,
"frequency": "",
"id": "0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
"is_subscribed": false,
"legacy_discount": false,
"legacy_id": "free",
"name": "Free Website",
"price": 0
},
"status": "active",
"type": "full"
}
]
}
}

Human Readable Output#

Zone list#

Showing 2 rows out of 2 |Name|Account Name|Status|Account Id|Direction| |---|---|---|---|---| | fortresscyber.io | | active | | | | stronghold.services | | active | | |

cloudflare-waf-ip-list-create#


Create a new IP-list. An IP-list is a list that includes IP addresses and CIDR. IP-list is used in the filter expression.

Base Command#

cloudflare-waf-ip-list-create

Input#

Argument NameDescriptionRequired
nameThe name of the list (used in filter expressions).Required
descriptionA note that can be used to annotate the List.Optional

Context Output#

PathTypeDescription
CloudflareWAF.IpList.idStringThe list ID.
CloudflareWAF.IpList.nameStringThe name of the list.
CloudflareWAF.IpList.descriptionStringA note that annotate the List.
CloudflareWAF.IpList.kindStringThe kind of values in the List.
CloudflareWAF.IpList.num_itemsIntegerNumber of list items.
CloudflareWAF.IpList.num_referencing_filtersIntegerNumber of referencing filters to the list.
CloudflareWAF.IpList.created_onDateList created date.
CloudflareWAF.IpList.modified_onDateList modified date.

cloudflare-waf-ip-list-delete#


Delete IP-list by the specified list ID.

Base Command#

cloudflare-waf-ip-list-delete

Input#

Argument NameDescriptionRequired
idThe list ID. .Required

Context Output#

There is no context output for this command.

Command example#

!cloudflare-waf-ip-list-delete id="dd7e3f1f5edf4591acb22f20da320b8f"

Human Readable Output#

IP list dd7e3f1f5edf4591acb22f20da320b8f was successfully deleted

cloudflare-waf-ip-lists-list#


List IP-lists.

Base Command#

cloudflare-waf-ip-lists-list

Input#

Argument NameDescriptionRequired
idRetrieve details for an individual list Id.Optional
pagePage number of paginated results.
Default value: 1, min value: 1.
Optional
page_sizeNumber of IP-list per page. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15.Optional
limitThe maximum number of records to retrieve. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15. Default is 50.Optional

Context Output#

PathTypeDescription
CloudflareWAF.IpList.idStringThe list ID.
CloudflareWAF.IpList.nameStringThe list name.
CloudflareWAF.IpList.descriptionStringList description.
CloudflareWAF.IpList.kindStringList kind (ip\redirect).
CloudflareWAF.IpList.num_itemsunknownNumber of list items.
CloudflareWAF.IpList.num_referencing_filtersunknownNumber of referencing filters to the list.

Command example#

!cloudflare-waf-ip-lists-list

Context Example#

{
"CloudflareWAF": {
"IpList": [
{
"created_on": "2022-04-10T09:42:13Z",
"id": "e6efdc37cf7d41f2860a3fd448c68df8",
"kind": "ip",
"modified_on": "2022-04-27T13:39:44Z",
"name": "my_first_list1",
"num_items": 8,
"num_referencing_filters": 1
},
{
"created_on": "2022-03-29T14:53:15Z",
"id": "82963f46e892446e99ae3ff9fe1b6524",
"kind": "ip",
"modified_on": "2022-04-27T13:39:32Z",
"name": "my_first_list",
"num_items": 1,
"num_referencing_filters": 1
},
{
"created_on": "2022-04-27T13:36:54Z",
"id": "617290bdb0674696a20af4cdf4677f4e",
"kind": "ip",
"modified_on": "2022-04-27T13:36:54Z",
"name": "new_new",
"num_items": 0,
"num_referencing_filters": 0
},
{
"created_on": "2022-04-27T13:12:13Z",
"id": "8af3465383434fc3ab6283d07406699f",
"kind": "ip",
"modified_on": "2022-04-27T13:12:13Z",
"name": "my_new_and_last_list",
"num_items": 0,
"num_referencing_filters": 0
},
{
"created_on": "2022-04-26T13:54:32Z",
"id": "c0388c7c007d497ea37a21555aff49d2",
"kind": "ip",
"modified_on": "2022-04-27T12:35:09Z",
"name": "list_name",
"num_items": 1,
"num_referencing_filters": 0
},
{
"created_on": "2022-04-27T10:46:47Z",
"id": "71934eec8ce34a85b57509a60f9ae57c",
"kind": "ip",
"modified_on": "2022-04-27T10:49:52Z",
"name": "playbook_list",
"num_items": 0,
"num_referencing_filters": 0
},
{
"created_on": "2022-04-27T10:08:53Z",
"id": "8e9773d982fb4dbfb198f8078d22f4f6",
"kind": "ip",
"modified_on": "2022-04-27T10:08:53Z",
"name": "list_name2",
"num_items": 0,
"num_referencing_filters": 0
},
{
"created_on": "2022-04-26T08:25:48Z",
"id": "8667dc96872c44ebabd7559594e92372",
"kind": "ip",
"modified_on": "2022-04-26T08:55:54Z",
"name": "demo_list2",
"num_items": 1,
"num_referencing_filters": 1
}
]
}
}

Human Readable Output#

IP lists list#

Showing 8 rows out of 8. |Id|Name|Kind|Num Items|Num Referencing Filters|Created On|Modified On| |---|---|---|---|---|---|---| | e6efdc37cf7d41f2860a3fd448c68df8 | my_first_list1 | ip | 8 | 1 | 2022-04-10T09:42:13Z | 2022-04-27T13:39:44Z | | 82963f46e892446e99ae3ff9fe1b6524 | my_first_list | ip | 1 | 1 | 2022-03-29T14:53:15Z | 2022-04-27T13:39:32Z | | 617290bdb0674696a20af4cdf4677f4e | new_new | ip | 0 | 0 | 2022-04-27T13:36:54Z | 2022-04-27T13:36:54Z | | 8af3465383434fc3ab6283d07406699f | my_new_and_last_list | ip | 0 | 0 | 2022-04-27T13:12:13Z | 2022-04-27T13:12:13Z | | c0388c7c007d497ea37a21555aff49d2 | list_name | ip | 1 | 0 | 2022-04-26T13:54:32Z | 2022-04-27T12:35:09Z | | 71934eec8ce34a85b57509a60f9ae57c | playbook_list | ip | 0 | 0 | 2022-04-27T10:46:47Z | 2022-04-27T10:49:52Z | | 8e9773d982fb4dbfb198f8078d22f4f6 | list_name2 | ip | 0 | 0 | 2022-04-27T10:08:53Z | 2022-04-27T10:08:53Z | | 8667dc96872c44ebabd7559594e92372 | demo_list2 | ip | 1 | 1 | 2022-04-26T08:25:48Z | 2022-04-26T08:55:54Z |

cloudflare-waf-ip-list-item-create#


Create new items for exist IP-list.

Base Command#

cloudflare-waf-ip-list-item-create

Input#

Argument NameDescriptionRequired
list_idThe ID of the list to insert the new items. Possible values are: .Required
itemsThe new items to be added (comma separated IP addresses).Required
pollingUse Cortex XSOAR built-in polling to retrieve the result when it's ready. Default is False. Possible values are: true, false. Default is True.Optional
intervalIndicates how long to wait between command execution (in seconds) when 'polling' argument is true. Minimum value is 10 seconds. Default is 30. Default is 10.Optional
timeoutIndicates the time in seconds until the polling sequence timeouts. Default is 60. Default is 60.Optional
operation_idThe ID of the pipeline run to retrieve when polling argument is true. Intended for use by the Polling process and does not need to be provided by the user.Optional

Context Output#

There is no context output for this command.

cloudflare-waf-ip-list-item-update#


Replace the IP-list items with a new items

Base Command#

cloudflare-waf-ip-list-item-update

Input#

Argument NameDescriptionRequired
list_idThe list ID.Required
itemsThe new items.Required
pollingUse Cortex XSOAR built-in polling to retrieve the result when it's ready. Default is False. Possible values are: true, false. Default is True.Optional
intervalIndicates how long to wait between command execution (in seconds) when 'polling' argument is true. Minimum value is 10 seconds. Default is 30. Default is 10.Optional
timeoutIndicates the time in seconds until the polling sequence timeouts. Default is 60. Default is 60.Optional
operation_idThe ID of the pipeline run to retrieve when polling argument is true. Intended for use by the Polling process and does not need to be provided by the user.Optional

Context Output#

There is no context output for this command.

cloudflare-waf-ip-list-item-delete#


Delete item of a IP-list by the specified list ID and list item.

Base Command#

cloudflare-waf-ip-list-item-delete

Input#

Argument NameDescriptionRequired
list_idThe list ID.Required
items_idThe items ID to be delete.Required
pollingUse Cortex XSOAR built-in polling to retrieve the result when it's ready. Default is False. Possible values are: true, false. Default is True.Optional
intervalIndicates how long to wait between command execution (in seconds) when 'polling' argument is true. Minimum value is 10 seconds. Default is 30. Default is 10.Optional
timeoutIndicates the time in seconds until the polling sequence timeouts. Default is 60. Default is 60.Optional
operation_idThe ID of the pipeline run to retrieve when polling argument is true. Intended for use by the Polling process and does not need to be provided by the user.Optional

Context Output#

There is no context output for this command.

cloudflare-waf-ip-list-item-list#


List all items in the List or details of individual item by ID.

Base Command#

cloudflare-waf-ip-list-item-list

Input#

Argument NameDescriptionRequired
list_idThe list ID.Required
item_idRetrieve details for an individual item Id.Optional
pagePage number of paginated results.
Default value: 1, min value: 1.
Optional
page_sizeNumber of zones per page. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15.Optional
limitThe maximum number of records to retrieve. The argument accepts values ‚Äč‚Äčdivided by 5. Minimum value 5. Maximum value 100. For example: 5,10,15. Default is 50.Optional

Context Output#

PathTypeDescription
CloudflareWAF.IpListItem.itemsUnknownThe list items.
CloudflareWAF.IpListItem.list_idStringThe list ID.

Command example#

!cloudflare-waf-ip-list-item-list list_id="e6efdc37cf7d41f2860a3fd448c68df8"

Context Example#

{
"CloudflareWAF": {
"IpListItem": {
"items": [
{
"created_on": "2022-04-26T10:58:55Z",
"id": "b3016f6529274bbd8086a4ac0be07822",
"ip": "120.2.2.8",
"modified_on": "2022-04-26T10:59:24Z"
},
{
"created_on": "2022-04-25T13:01:32Z",
"id": "e5a81036d2c549dba90460c6b5745495",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T13:01:32Z"
},
{
"created_on": "2022-04-25T13:12:09Z",
"id": "93d34d1f299a46659fe61fa2165d38a3",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T13:12:09Z"
},
{
"created_on": "2022-04-25T12:45:50Z",
"id": "748c3ae947ca49d3aada448d233838e0",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T12:46:05Z"
},
{
"created_on": "2022-04-25T12:45:50Z",
"id": "ceea4f5b3e124a72a9aed4a779ce8dcb",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T12:46:05Z"
},
{
"created_on": "2022-04-25T12:45:50Z",
"id": "eab6abfa0d754c629a9bce69ab3cc5fb",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T12:46:05Z"
},
{
"created_on": "2022-04-25T12:45:50Z",
"id": "eccdf2f286804a988850accbaaeaa462",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T12:46:05Z"
},
{
"created_on": "2022-04-25T12:45:50Z",
"id": "d3b69c4d7bc34384a7448498dd8d9b45",
"ip": "120.2.2.8",
"modified_on": "2022-04-25T12:46:05Z"
}
],
"list_id": "e6efdc37cf7d41f2860a3fd448c68df8"
}
}
}

Human Readable Output#

ip-list e6efdc37cf7d41f2860a3fd448c68df8#

Showing 8 rows out of 8. |Id|Ip|Created On|Modified On| |---|---|---|---| | b3016f6529274bbd8086a4ac0be07822 | 120.2.2.8 | 2022-04-26T10:58:55Z | 2022-04-26T10:59:24Z | | e5a81036d2c549dba90460c6b5745495 | 120.2.2.8 | 2022-04-25T13:01:32Z | 2022-04-25T13:01:32Z | | 93d34d1f299a46659fe61fa2165d38a3 | 120.2.2.8 | 2022-04-25T13:12:09Z | 2022-04-25T13:12:09Z | | 748c3ae947ca49d3aada448d233838e0 | 120.2.2.8 | 2022-04-25T12:45:50Z | 2022-04-25T12:46:05Z | | ceea4f5b3e124a72a9aed4a779ce8dcb | 120.2.2.8 | 2022-04-25T12:45:50Z | 2022-04-25T12:46:05Z | | eab6abfa0d754c629a9bce69ab3cc5fb | 120.2.2.8 | 2022-04-25T12:45:50Z | 2022-04-25T12:46:05Z | | eccdf2f286804a988850accbaaeaa462 | 120.2.2.8 | 2022-04-25T12:45:50Z | 2022-04-25T12:46:05Z | | d3b69c4d7bc34384a7448498dd8d9b45 | 120.2.2.8 | 2022-04-25T12:45:50Z | 2022-04-25T12:46:05Z |