Supported Cortex XSOAR versions: 6.8.0 and later.
This playbook adds new block rule(s) to on-prem firewalls in order to block internet access for internet exposures.
- Multiple integration instances configured at the same time are not supported (Panorama or standalone NGFW).
- Multiple rules with the same name in different device-groups are not supported (Panorama).
- !pan-os-list-services will fail if there are no services in a specific device-group (Panorama).
This playbook uses the following sub-playbooks, integrations, and scripts.
- PAN-OS - Block Destination Service
This playbook does not use any scripts.
| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| RuleName | Firewall rule name to look up in the company configuration setting for block rule. | | Required |
| RemoteIP | IP address of the service. | alert.remoteip | Required |
| RemoteProtocol | Protocol of the service. | alert.appid | Required |
| RemotePort | Port number of the service. | alert.remoteport | Required |
| DeviceGroup | Device group of the firewall rule to look up. | | Optional |
| SecondaryDeviceGroup | If the rule, address and service are created in the "Shared" location, we need to know what device-groups we can push to because it isn't possible to push to the "Shared" location. | | Optional |
There are no outputs for this playbook.