Block URL - Generic v2

This playbook is part of the Common Playbooks Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook blocks malicious URLs using all integrations that are enabled.

Supported integrations for this playbook:

  • Palo Alto Networks PAN-OS
  • Zscaler
  • Sophos
  • Forcepoint
  • Checkpoint
  • Netcraft


This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Sophos Firewall - Block URL
  • Prisma SASE - Block URL
  • Checkpoint - Block URL
  • PAN-OS - Block URL - Custom URL Category

Integrations

  • Forcepoint
  • Zscaler

Scripts

  • IsIntegrationAvailable
  • SetAndHandleEmpty

Commands

  • fp-add-address-to-category
  • zscaler-blacklist-url
  • netcraft-attack-report
  • appendIndicatorField

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| URL | Array of malicious URLs to block. | | Optional |
| LogForwarding | Log Forwarding object name. | | Optional |
| AutoCommit | This input establishes whether to commit the configuration automatically. Yes - Commit automatically. No - Commit manually. | | |
| CustomURLCategory | Custom URL Category name. | XSOAR Remediation - Malicious URLs | Optional |
| type | Custom URL category type. Insert "URL List" / "Category Match". | | Optional |
| categories | The list of categories. Relevant from PAN-OS v9.x. | | Optional |
| UserVerification | Possible values: True/False. Default: True. Specify if User Verification is Required. | | |
| EDLServerIP | EDL Server IP Address | | Optional |
| device-group | Device group for the Custom URL Category (Panorama instances). | | Optional |
| Tag | Insert a tag name with which indicators will get tagged. This tag can be used later in the External Dynamic Lists integration by using the tag for filtering IPs in the indicator query. | | Optional |
| Folder | For Prisma SASE usage - Specify the scope for a newly created security rule to be applied. Remember, this input will only be used when there is no input to the CategoryName. Default: Shared | | |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Block URL - Generic v2