Block IP - Generic v2

This playbook is part of the Common Playbooks Pack.

Deprecated

Use the Block IP - Generic v3 playbook instead.

This playbook blocks malicious IPs using all integrations that are enabled.

Supported integrations for this playbook:

  • Check Point Firewall
  • Palo Alto Networks MineMeld
  • Palo Alto Networks PAN-OS
  • Zscaler
  • FortiGate

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS - Block IP - Static Address Group
  • PAN-OS DAG Configuration
  • PAN-OS - Block IP - Custom Block Rule
  • PAN-OS - Block IP and URL - External Dynamic List
  • Add Indicator to Miner - Palo Alto MineMeld

Integrations

  • Zscaler

Scripts

This playbook does not use any scripts.

Commands

  • checkpoint-block-ip
  • fortigate-ban-ip
  • zscaler-blacklist-ip

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IPBlacklistMiner | The name of the IP block list Miner in MineMeld. | | Optional |
| IP | Array of malicious IPs to block. | | Optional |
| CustomBlockRule | This input determines whether Palo Alto Networks Panorama or Firewall Custom Block Rules are used. Specify True to use Custom Block Rules. | True | Optional |
| LogForwarding | Panorama log forwarding object name. | | Optional |
| AutoCommit | This input determines whether to commit the configuration automatically. Yes - Commit automatically. No - Commit manually. | No | Optional |
| StaticAddressGroup | This input determines whether Palo Alto Networks Panorama or Firewall Static Address Groups are used. Specify the Static Address Group name for IP handling. | | Optional |
| IPListName | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for blocking IPs. Specify the EDL name for IP handling. | | Optional |
| EDLServerIP | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used: the IP address of the web server on which the files are stored; the web server IP address is configured in the integration instance. | | Optional |
| DAG | This input determines whether Palo Alto Networks Panorama or Firewall Dynamic Address Groups are used. Specify the Dynamic Address Group tag name for IP handling. | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| CheckpointFWRule.Destination | Rule Destination. | unknown |
| CheckpointFWRule.DestinationNegate | Rule destination negate status (True/False). | unknown |
| PanoramaRule.Direction | Direction of the Panorama rule. Can be 'to', 'from', 'both' | string |
| PanoramaRule.IP | The IP the Panorama rule blocks | string |
| CheckpointFWRule.Name | Rule name. | unknown |
| PanoramaRule.Name | Name of the Panorama rule | string |
| CheckpointFWRule.UID | Rule UID. | unknown |
| PanoramaRule | List of Panorama rules | unknown |
| CheckpointFWRule.Type | Rule Type. | unknown |
| CheckpointFWRule.Action | Rule action (Valid values are: Accept, Drop, Apply Layer, Ask, Info). | unknown |
| CheckpointFWRule.ActionSetting | Rule action settings. | unknown |
| CheckpointFWRule.CustomFields | Rule custom fields. | unknown |
| CheckpointFWRule.Data | Rule data. | unknown |
| CheckpointFWRule.DataDirection | Rule data direction. | unknown |
| CheckpointFWRule.DataNegate | Rule data negate status (True/False). | unknown |
| CheckpointFWRule.Domain | Rule domain. | unknown |
| CheckpointFWRule.Enabled | Rule status. | unknown |
| CheckpointFWRule.Hits | Rule hits count. | unknown |
| CheckpointFWRule.Data.Name | Rule data object name. | unknown |
| CheckpointFWRule.Data.Domain | Information about the domain the data object belongs to. | unknown |
| CheckpointFWRule.Domain.Name | Rule domain name. | unknown |
| CheckpointFWRule.Domain.UID | Rule domain UID. | unknown |
| CheckpointFWRule.Domain.Type | Rule domain type. | unknown |
| CheckpointFWRule.Hits.FirstDate | The date of the first hit for the rule. | unknown |
| CheckpointFWRule.Hits.LastDate | The date of the last hit for the rule. | unknown |
| CheckpointFWRule.Hits.Level | Level of rule hits. | unknown |
| CheckpointFWRule.Hits.Percentage | Percentage of rule hits. | unknown |
| CheckpointFWRule.Hits.Value | Value of rule hits. | unknown |
