Skip to main content

Block IP - Generic v2

This Playbook is part of the Common Playbooks Pack.#

This playbook blocks malicious IPs using all integrations that are enabled.

Supported integrations for this playbook:

  • Check Point Firewall
  • Palo Alto Networks Minemeld
  • Palo Alto Networks PAN-OS
  • Zscaler
  • FortiGate


This playbook uses the following sub-playbooks, integrations, and scripts.


  • PAN-OS - Block IP - Custom Block Rule
  • PAN-OS - Block IP - Static Address Group
  • Add Indicator to Miner - Palo Alto MineMeld
  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS DAG Configuration


  • Zscaler


This playbook does not use any scripts.


  • checkpoint-block-ip
  • zscaler-blacklist-ip
  • fortigate-ban-ip

Playbook Inputs#

NameDescriptionDefault ValueRequired
IPBlacklistMinerThe name of the IP block list Miner in Minemeld.Optional
IPArray of malicious IPs to block.Optional
CustomBlockRuleThis input determines whether Palo Alto Networks Panorama or Firewall Custom Block Rules are used.
Specify True to use Custom Block Rules.TrueOptional
LogForwardingPanorama log forwarding object name.Optional
AutoCommitThis input determines whether to commit the configuration automatically.

Yes - Commit automatically. No - Commit manually. | No | Optional | | StaticAddressGroup | This input determines whether Palo Alto Networks Panorama or Firewall Static Address Groups are used. Specify the Static Address Group name for IP handling. | | Optional | | IPListName | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used for blocking IPs. Specify the EDL name for IP handling. | | Optional | | EDLServerIP | This input determines whether Palo Alto Networks Panorama or Firewall External Dynamic Lists are used: * The IP address of the web server on which the files are stored. * The web server IP address is configured in the integration instance. | | Optional | | DAG | This input determines whether Palo Alto Networks Panorama or Firewall Dynamic Address Groups are used. Specify the Dynamic Address Group tag name for IP handling. | | Optional |

Playbook Outputs#

CheckpointFWRule.DestinationRule Destination.unknown
CheckpointFWRule.DestinationNegateRule destination negate status (True/False).unknown
PanoramaRule.DirectionDirection of the Panorama rule. Can be 'to','from', 'both'string
PanoramaRule.IPThe IP the Panorama rule blocksstring
CheckpointFWRule.NameRule name.unknown
PanoramaRule.NameName of the Panorama rulestring
CheckpointFWRule.UIDRule UID.unknown
PanoramaRuleList of Panorama rulesunknown
CheckpointFWRule.TypeRule Type.unknown
CheckpointFWRule.ActionRule action (Valid values are: Accept, Drop, Apply Layer, Ask, Info).unknown
CheckpointFWRule.ActionSettingRule action settings.unknown
CheckpointFWRule.CustomFieldsRule custom fields.unknown
CheckpointFWRule.DataRule data.unknown
CheckpointFWRule.DataDirectionRule data direction.unknown
CheckpointFWRule.DataNegateRule data negate status (True/False).unknown
CheckpointFWRule.DomainRule domain.unknown
CheckpointFWRule.EnabledRule status.unknown
CheckpointFWRule.HitsRule hits count.unknown
CheckpointFWRule.Data.NameRule data object name.unknown
CheckpointFWRule.Data.DomainInformation about the domain the data object belongs to.unknown
CheckpointFWRule.Domain.NameRule domain name.unknown
CheckpointFWRule.Domain.UIDRule domain UID.unknown
CheckpointFWRule.Domain.TypeRule domain type.unknown
CheckpointFWRule.Hits.FirstDateThe date of the first hit for the rule.unknown
CheckpointFWRule.Hits.LastDateThe date of the last hit for the rule.unknown
CheckpointFWRule.Hits.LevelLevel of rule hits.unknown
CheckpointFWRule.Hits.PercentagePercentage of rule hits.unknown
CheckpointFWRule.Hits.ValueValue of rule hits.unknown