Skip to main content

ACTI Block High Severity Indicators

This Playbook is part of the Accenture CTI v2 Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Sends indicators imported from ACTI feeds with a severity rating of 5 or higher to your firewall to be blocked.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Block IP - Generic v2
  • Block Domain - Generic
  • Block URL - Generic

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
IPConsiders IP(s) which have severity 5 or more${DBotScore.Indicator}Optional
URLConsiders URL(s) which have severity 5 or more${DBotScore.Indicator}Optional
DomainConsiders Domain(s) which have severity 5 or more${DBotScore.Indicator}Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


ACTI Block High Severity Indicators