Skip to main content

Block IOCs from CSV - External Dynamic List

This Playbook is part of the Palo Alto Networks PAN-OS EDL Management (Deprecated) Pack.#


Use Generic Export Indicators Service instead.

Parses a CSV file with IOCs and blocks them using Palo Alto Networks External Dynamic Lists.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS - Block Domain - External Dynamic List
  • Add Indicator to Miner - Palo Alto MineMeld


This playbook does not use any integrations.


  • ParseCSV


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
IPColumnThe column number that contains IP addresses. (First column is column 0).-Optional
DomainColumnThe column number that contains domains. (First column is column 0).-Optional
FileColumnThe column number that contains hashes. (First column is column 0).-Optional
MinerThe Miner name to upload the indicators to in MineMeld.-Optional
IPListNameThe IP address list from the instance context with which to override the remote file.Demisto Remediation - IP EDLOptional
DomainListNameThe domain list from the instance context with which to override the remote file.Demisto Remediation - Domain EDLOptional
EDLServerIPThe EDL server IP address.-Optional
LogForwardingThe log forwarding object name.-Optional
AutoCommitThe input establishes whether to commit the configuration automatically. Yes - Commit automatically. No - Commit manually.NoOptional
pre-post-rulebaseEither pre-rulebase or post-rulebase, according to the rule structure.pre-rulebaseOptional
rule-positionThe position of the rule in the ruleset. Valid values are, "Top", "Bottom", "Before", or "After".TopOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#