Prisma Access Egress IP feed

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Dynamically retrieve and allow IPs Prisma Access uses to egress traffic to the internet and SaaS apps.

Configure Prisma Access Egress IP feed on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Prisma Access Egress IP feed.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| feed | Fetch indicators | False |
| URL | URL | True |
| api_key | Prisma Access API Key | True |
| serviceType | Service Type | True |
| addrType | Address Type | True |
| location | Location | False |
| feedReputation | Indicator Reputation | False |
| feedReliability | Source Reliability | True |
| tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
| feedExpirationPolicy | | False |
| feedExpirationInterval | | False |
| feedFetchInterval | Feed Fetch Interval | False |
| feedBypassExclusionList | Bypass exclusion list | False |
| insecure | Trust any certificate (not secure) | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

prisma-access-get-indicators


Gets indicators from the feed.

Base Command

prisma-access-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of results to return. By default all IPs are returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PrismaAccess.Egress.IP.Address | string | Prisma Access Egress IP address |
| PrismaAccess.Egress.IP.Zone | string | Prisma Access Egress IP zone |

Command Example

!prisma-access-get-indicators limit=300
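
Because the addresses from this feed are meant to be allowed, it is worth vetting each entry before it reaches an allow rule. The following is an added example, not part of the integration: it assumes the context holds a list of objects under PrismaAccess.Egress.IP with the Address and Zone fields listed above, and the function name, minimum-prefix policy and sample values are constructed for illustration.

```python
import ipaddress

# Ranges that should never appear in a public egress allowlist.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
MIN_PREFIX = {4: 24, 6: 48}  # assumed policy: refuse anything broader

# Constructed sample shaped like the command's context output
# (assumption: a list of {Address, Zone} objects); all values are made up.
SAMPLE_CONTEXT = {"PrismaAccess": {"Egress": {"IP": [
    {"Address": "203.0.113.10", "Zone": "US East"},
    {"Address": "203.0.113.10", "Zone": "US East"},   # duplicate
    {"Address": "198.51.100.7", "Zone": "Europe"},
    {"Address": "10.1.2.3", "Zone": "Europe"},        # RFC 1918
    {"Address": "0.0.0.0/0", "Zone": "US East"},      # would allow everything
    {"Address": "not-an-ip", "Zone": "Asia"},         # malformed
]}}}

def vet_egress_ips(context):
    """Return (allow, rejected): allow maps zone -> CIDRs, rejected lists (raw, reason)."""
    entries = context.get("PrismaAccess", {}).get("Egress", {}).get("IP", [])
    allow, rejected, seen = {}, [], set()
    for entry in entries:
        raw = str(entry.get("Address", "")).strip()
        zone = entry.get("Zone") or "unknown"
        try:
            # Single addresses become /32 or /128 networks.
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            rejected.append((raw, "malformed"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((raw, "too broad"))
        elif any(b.version == net.version and net.overlaps(b) for b in NON_PUBLIC):
            rejected.append((raw, "non-public"))
        elif net not in seen:  # drop duplicates silently
            seen.add(net)
            allow.setdefault(zone, []).append(str(net))
    return allow, rejected

if __name__ == "__main__":
    allowed, dropped = vet_egress_ips(SAMPLE_CONTEXT)
    for zone, cidrs in allowed.items():
        print(zone, cidrs)
    for raw, reason in dropped:
        print("rejected", repr(raw), reason)
```

Rejected entries are returned rather than discarded so they can be logged or raised as an alert when the feed content changes unexpectedly.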