Prisma Access Egress IP feed

Dynamically retrieve and allow the IPs that Prisma Access uses to egress traffic to the internet and SaaS apps. This integration was integrated and tested with version xx of Prisma Access Egress IP feed.

Configure Prisma Access Egress IP feed on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Prisma Access Egress IP feed.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| feed | Fetch indicators | False |
| URL | URL | True |
| api_key | Prisma Access API Key | True |
| serviceType | Service Type | True |
| addrType | Address Type | True |
| location | Location | False |
| feedReputation | Indicator Reputation | False |
| feedReliability | Source Reliability | True |
| tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
| feedExpirationPolicy | | False |
| feedExpirationInterval | | False |
| feedFetchInterval | Feed Fetch Interval | False |
| feedBypassExclusionList | Bypass exclusion list | False |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

prisma-access-get-indicators


Gets indicators from the feed.

Base Command

prisma-access-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of results to return. By default all IPs are returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PrismaAccess.Egress.IP.Address | string | Prisma Access Egress IP address |
| PrismaAccess.Egress.IP.Zone | string | Prisma Access Egress IP zone |

Command Example

!prisma-access-get-indicators limit=300
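
Because these addresses end up on an allow list, it is worth vetting them before they reach a firewall rule. The following is an added example, not part of the integration's own code: it takes entries shaped like the `PrismaAccess.Egress.IP` context output (`Address` and `Zone` keys), rejects unparseable, non-public, or overly broad values, and groups the rest by zone. The sample values, the `vet_egress_entries` name, the prefix-length policy, and the handling of CIDR notation are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the PrismaAccess.Egress.IP context output.
# The Address and Zone keys come from the page; every value here is made up.
SAMPLE_CONTEXT = [
    {"Address": "34.98.64.10", "Zone": "US East"},
    {"Address": "34.98.64.10", "Zone": "US East"},      # duplicate entry
    {"Address": "130.41.7.22", "Zone": "Germany Central"},
    {"Address": "10.20.30.40", "Zone": "US East"},      # private address
    {"Address": "0.0.0.0/0", "Zone": "US West"},        # would allow everything
    {"Address": "not-an-ip", "Zone": "US West"},        # malformed value
]

# Assumed local policy: refuse any network broader than these prefix lengths.
MIN_PREFIX = {4: 24, 6: 48}


def vet_egress_entries(entries):
    """Return (allowlist_by_zone, rejected) for a list of feed entries."""
    allow = defaultdict(set)
    rejected = []
    for entry in entries:
        raw = str(entry.get("Address", "")).strip()
        zone = entry.get("Zone") or "unknown"
        try:
            # Accept both a bare address and CIDR notation.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            rejected.append((raw, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((raw, "prefix too broad"))
        elif not net.network_address.is_global:
            rejected.append((raw, "not publicly routable"))
        else:
            allow[zone].add(str(net))  # the set removes duplicates
    return {zone: sorted(nets) for zone, nets in allow.items()}, rejected


if __name__ == "__main__":
    allowlist, rejected = vet_egress_entries(SAMPLE_CONTEXT)
    for zone, nets in sorted(allowlist.items()):
        print(zone, nets)
    for raw, reason in rejected:
        print("REJECTED", raw, reason)
```

Rejected entries are worth alerting on rather than silently dropping, since a private or catch-all address arriving from this feed suggests a misconfigured instance or a tampered response.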