Skip to main content

Cortex ASM - On Prem Remediation

This Playbook is part of the Cortex Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

This playbook adds new block rule(s) to on-prem firewall vendors in order to block internet access for internet exposures.


  • Multiple integration instances configured at the same time are not supported (Panorama or standalone NGFW).
  • Multiple rules with the same name in different device-groups not supported (Panorama).
  • !pan-os-list-services will fail if there are no services in a specific device-group (Panorama).


This playbook uses the following sub-playbooks, integrations, and scripts.


  • PAN-OS - Block Destination Service


  • Panorama


This playbook does not use any scripts.


  • pan-os-list-rules

Playbook Inputs#

NameDescriptionDefault ValueRequired
RuleNameFirewall rule name to look up in the company configuration setting for block rule.Required
RemoteIPIP address of the service.alert.remoteipRequired
RemoteProtocolProtocol of the service.alert.appidRequired
RemotePortPort number of the service.alert.remoteportRequired
DeviceGroupDevice group of the firewall rule to lookup.Optional
SecondaryDeviceGroupIf the rule, address and service are created in the "Shared" location, we need to know what device-groups we can push to because it isn't possible to push to the "Shared" location.Optional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Cortex ASM - On Prem Remediation