Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook is a sub-playbook within the containment plan playbook.
The playbook blocks indicators using two methods:
- It adds the malicious hashes into the XSIAM hash block list
- It utilizes the sub-playbook "Block Indicators - Generic v3"
This playbook uses the following sub-playbooks, integrations, and scripts.
- Block Indicators - Generic v3
This playbook does not use any integrations.
This playbook does not use any scripts.
- Set to 'True' to block the indicators.
  Possible values: True/False.
- Whether to provide user verification for blocking those IPs.
  - False - No prompt will be displayed to the user.
  - True - The server will ask the user for blocking verification and will display the blocking list.

  Possible values: True/False. Default: True.
- Should the given indicators be automatically blocked, or should the user be given the option to choose?
  - If set to False - no prompt will appear, and all provided indicators will be blocked automatically.
  - If set to True - the user will be prompted to select which indicators to block.
- The file hash to block.
- The IP indicators.
- The domain indicators.
- The URL indicator.
- The username to disable.
- The path of the file to block.
- Whether to execute the containment plan automatically.

- The file hash that was added to the blocklist.