Skip to main content

Block Account - Generic v2

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook blocks malicious usernames using all integrations that you have enabled.

Supported integrations for this playbook:

  • Active Directory
  • PAN-OS - This requires PAN-OS 9.1 or higher.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Active Directory Query v2


  • SetAndHandleEmpty
  • IsIntegrationAvailable


  • panorama-register-user-tag
  • pingone-deactivate-user
  • identityiq-disable-account
  • ad-disable-account
  • iam-disable-user

Playbook Inputs#

NameDescriptionDefault ValueRequired
UsernameArray of malicious usernames to block.Optional
TagPAN-OS Tag name to apply to the username that you want to block.Bad AccountOptional
NamingConventionIn case you are using naming convention in your IDP, please specify a prefix for special/service accounts (use comma separated)Optional
UserVerificationPossible values:True/False. Default:True.
Specify if User Verification is Requrired

Playbook Outputs#

Blocklist.FinalBlocked accountsunknown

Playbook Image#

Block Account - Generic v2