Skip to main content

Block Account - Generic v2

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook blocks malicious usernames using all integrations that you have enabled.

Supported integrations for this playbook:

  • Active Directory
  • PAN-OS - This requires PAN-OS 9.1 or higher.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Active Directory Query v2

Scripts#

  • SetAndHandleEmpty
  • IsIntegrationAvailable

Commands#

  • panorama-register-user-tag
  • pingone-deactivate-user
  • identityiq-disable-account
  • ad-disable-account
  • iam-disable-user

Playbook Inputs#


NameDescriptionDefault ValueRequired
UsernameArray of malicious usernames to block.Optional
TagPAN-OS Tag name to apply to the username that you want to block.Bad AccountOptional
NamingConventionIn case you are using naming convention in your IDP, please specify a prefix for special/service accounts (use comma separated)Optional
UserVerificationPossible values:True/False. Default:True.
Specify if User Verification is Requrired
TrueOptional

Playbook Outputs#


PathDescriptionType
Blocklist.FinalBlocked accountsunknown

Playbook Image#


Block Account - Generic v2