Skip to main content

Change Management

This Playbook is part of the Change Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.1.0 and later.

If you are using PAN-OS/Panorama firewall and Jira or ServiceNow as a ticketing system, this playbook will be a perfect match for your change management for firewall process. This playbook can be triggered by 2 different options - a fetch from ServiceNow or Jira - and will help you manage and automate your change management process.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • ServiceNow Change Management
  • Jira Change Management


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
TicketSummaryProvide a summary for your firewall change request.incident.detailsOptional
SecurityTeamEmailThe email of the security team that approves the firewall requests.Optional
log_typeLog type to query. Can be: traffic, threat, wildfire, url or data-filtering.trafficOptional
queryThe query string by which to match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs.Optional
Query_logsBy providing the value "Yes" to this input, the "Panorama Query Logs" playbook will be activated.YesOptional
addr-srcThe source address for the change request.incident.sourceipsOptional
addr-dstThe destination address for the change request.incident.destinationipsOptional
port-dstThe destination ports for the change request.incident.dstportsOptional
zone-srcThe relevant firewall source zone for the change request.incident.sourcenetworksOptional
zone-dstThe relevant firewall destination zone for the change request.incident.destinationnetworksOptional
ActionThe action for the change request (such as: allow, drop, deny)incident.policyactionsOptional
ProtocolThe relevant IP protocol for the change request.incident.protocolOptional
Log_forwardingLog forwarding profile.Optional
Profile_settingA profile setting group.Optional
ServiceA comma-separated list of service object names for the rule.incident.protocolnamesOptional
ApplicationA comma-separated list of application object names for the rule to create.Optional
TargetTarget number of the firewall. Use only for a Panorama instance.Optional
VsysTarget vsys of the firewall. Use only for a Panorama instance.Optional
RulenameName of the rule to create.Optional
Rule_positionPre rule or Post rule (Panorama instances).
Possible options:
- post-rulebase
- pre-rulebase
DescriptionSet the description of the ticket.Optional
Time_generatedThe time the log was generated from the timestamp and prior to it. For example: "2019/08/11 01:10:44".Optional
TestConfigurationsBy providing YES to this input, the requested firewall rule will be tested in your test environment.Optional
TestInstanceThe instance name of the firewall in the DEV environment for testing the new rule.Optional
Closing_status_approvedThe closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was approved.Optional
Closing_status_rejectedThe closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was rejected.Optional
LimitMaximum number of API requests that the
PanoramaSecurityPolicyMatchWrapper script will send.
The default is 500.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Change Management