Palo Alto Networks - Malware Remediation

Performs malicious IOC remediation using Palo Alto Networks integrations.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS - Block URL - Custom URL Category
  • PAN-OS - Block IP - Static Address Group
  • PAN-OS DAG Configuration
  • PAN-OS - Block IP and URL - External Dynamic List
  • PAN-OS - Block Domain - External Dynamic List
  • Traps Quarantine Event
  • PAN-OS - Block IP - Custom Block Rule
  • Traps Blacklist File
  • Add Indicator to Miner - Palo Alto MineMeld
  • Traps Isolate Endpoint

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

Each optional name or flag below switches on one of the sub-playbooks listed under Dependencies; an input left empty skips that remediation path.

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| DAG | Dynamic Address Group tag name on the Panorama or firewall to use for IP address handling. Leave empty if Dynamic Address Groups are not used. | - | - | Optional |
| CustomURLCategory | Custom URL Category name on the Panorama or firewall to use for URL handling. Leave empty if custom URL categories are not used. | - | - | Optional |
| CustomBlockRule | Whether to block IP addresses with a custom block rule on the Panorama or firewall. Set to "True" to use custom block rules. | False | - | Optional |
| IPListName | External Dynamic List name on the Panorama or firewall to use for IP blocking. Leave empty if EDLs are not used for IP addresses. | - | - | Optional |
| IP | The malicious IP addresses to block. | Address | IP | Optional |
| URL | The malicious URLs to block. | Data | URL | Optional |
| LogForwarding | The Panorama log forwarding object name. | - | - | Optional |
| StaticAddressGroup | Static address group name on the Panorama or firewall to use for IP address handling. Leave empty if static address groups are not used. | - | - | Optional |
| Miner | MineMeld miner name to update with the malicious indicators. Leave empty if MineMeld is not used. | - | - | Optional |
| AutoCommit | Whether to commit the configuration automatically. "Yes" commits automatically; "No" leaves the staged change for a manual commit, so PAN-OS blocks are not active until that commit is done. | No | - | Optional |
| URLListName | External Dynamic List name on the Panorama or firewall to use for URL blocking. Leave empty if EDLs are not used for URLs. | - | - | Optional |
| EDLServerIP | IP address of the web server on which the EDL files are stored; required whenever an EDL name is given. The same web server IP address is configured in the integration instance. | - | - | Optional |
| Traps | Whether Traps endpoint remediation takes place. Can be "Yes" or "No". | - | - | Optional |
| EndpointId | The Traps endpoint ID to isolate. | - | - | Optional |
| EventId | The Traps event ID to perform file quarantine on. | - | - | Optional |
| SHA256 | The SHA256 file hash to blacklist using Traps. | SHA256 | File | Optional |
| DomainListName | External Dynamic List name on the Panorama or firewall to use for domain blocking. Leave empty if EDLs are not used for domains. | - | - | Optional |
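
Because every path is optional, a mis-set combination (an EDL name without EDLServerIP, Traps="Yes" with nothing to act on, AutoCommit="No" with PAN-OS changes staged) silently does less than the analyst expects. The dry-run planner below is an added example, not code from the playbook or from Cortex XSOAR: it maps an input set to the sub-playbooks it would trigger and flags those gaps before the playbook runs. The dependency rules it enforces (EDL blocking needs EDLServerIP; Traps actions need an EventId, EndpointId or SHA256; PAN-OS objects are inert until a commit) are assumptions drawn from the input descriptions, and the input values are constructed.

```python
"""Dry-run planner for 'Palo Alto Networks - Malware Remediation' inputs.

Added example; not part of the playbook or of Cortex XSOAR. The dependency
rules below are assumptions derived from the input table, not confirmed
playbook behaviour.
"""
from __future__ import annotations

from dataclasses import dataclass, field

TRUE_VALUES = {"true", "yes", "1"}


@dataclass
class Plan:
    steps: list[str] = field(default_factory=list)     # sub-playbooks that would run
    warnings: list[str] = field(default_factory=list)  # inputs that do nothing or stay pending


def _on(value) -> bool:
    """Boolean-like playbook inputs arrive as strings ("Yes"/"No", "True"/"False")."""
    return str(value or "").strip().lower() in TRUE_VALUES


def plan_remediation(inputs: dict) -> Plan:
    plan = Plan()
    ips = list(inputs.get("IP") or [])
    urls = list(inputs.get("URL") or [])
    hashes = list(inputs.get("SHA256") or [])
    edl_server = inputs.get("EDLServerIP")
    pan_os_changed = False

    def edl_step(list_input: str, label: str) -> None:
        """All three EDL inputs publish to the web server named by EDLServerIP (assumption)."""
        nonlocal pan_os_changed
        name = inputs.get(list_input)
        if not name:
            return
        if not edl_server:
            plan.warnings.append(f"{list_input}={name!r} set but EDLServerIP is empty; EDL cannot be published")
            return
        plan.steps.append(f"{label} (EDL {name} on {edl_server})")
        pan_os_changed = True

    # IP handling: each named PAN-OS object switches on one sub-playbook.
    if ips:
        if inputs.get("DAG"):
            plan.steps.append(f"PAN-OS DAG Configuration (tag {inputs['DAG']}, {len(ips)} IPs)")
            pan_os_changed = True
        if inputs.get("StaticAddressGroup"):
            plan.steps.append(f"PAN-OS - Block IP - Static Address Group ({inputs['StaticAddressGroup']})")
            pan_os_changed = True
        if _on(inputs.get("CustomBlockRule")):
            fwd = inputs.get("LogForwarding") or "no log forwarding"
            plan.steps.append(f"PAN-OS - Block IP - Custom Block Rule ({fwd})")
            pan_os_changed = True
        edl_step("IPListName", "PAN-OS - Block IP and URL - External Dynamic List")
    elif any(inputs.get(k) for k in ("DAG", "StaticAddressGroup", "IPListName")) or _on(inputs.get("CustomBlockRule")):
        plan.warnings.append("IP blocking objects configured but no IP indicators supplied")

    # URL handling.
    if urls:
        if inputs.get("CustomURLCategory"):
            plan.steps.append(f"PAN-OS - Block URL - Custom URL Category ({inputs['CustomURLCategory']})")
            pan_os_changed = True
        edl_step("URLListName", "PAN-OS - Block IP and URL - External Dynamic List")
    elif inputs.get("CustomURLCategory") or inputs.get("URLListName"):
        plan.warnings.append("URL blocking objects configured but no URL indicators supplied")

    # Domain EDL: the input table names the list but exposes no domain indicator
    # input, so only the publish precondition is checked here (assumption).
    edl_step("DomainListName", "PAN-OS - Block Domain - External Dynamic List")

    # MineMeld miner receives whatever indicators the playbook has.
    if inputs.get("Miner") and (ips or urls):
        plan.steps.append(f"Add Indicator to Miner - Palo Alto MineMeld ({inputs['Miner']})")

    # Traps endpoint actions, each driven by its own identifier.
    if _on(inputs.get("Traps")):
        if inputs.get("EventId"):
            plan.steps.append(f"Traps Quarantine Event ({inputs['EventId']})")
        if inputs.get("EndpointId"):
            plan.steps.append(f"Traps Isolate Endpoint ({inputs['EndpointId']})")
        if hashes:
            plan.steps.append(f"Traps Blacklist File ({len(hashes)} SHA256)")
        if not (inputs.get("EventId") or inputs.get("EndpointId") or hashes):
            plan.warnings.append("Traps=Yes but no EventId, EndpointId or SHA256 to act on")

    # PAN-OS objects only take effect after a commit (assumption from AutoCommit).
    if pan_os_changed:
        if _on(inputs.get("AutoCommit")):
            plan.steps.append("Commit PAN-OS configuration")
        else:
            plan.warnings.append("AutoCommit=No: PAN-OS changes staged but inactive until a manual commit")
    return plan


if __name__ == "__main__":
    # Constructed sample input: a DAG tag plus an EDL name without its server, Traps hash only.
    sample = {
        "IP": ["198.51.100.7"], "URL": ["http://example.invalid/payload"],
        "DAG": "malicious-ips", "IPListName": "edl-block-ip", "CustomBlockRule": "False",
        "Traps": "Yes", "SHA256": ["a" * 64], "AutoCommit": "No",
    }
    result = plan_remediation(sample)
    print("steps:", *result.steps, sep="\n  ")
    print("warnings:", *result.warnings, sep="\n  ")
```

Run it against the playbook's input values before launching the playbook on a real incident; a step list that is shorter than expected, or any warning, means an input is missing rather than the integration failing.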

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Image: Palo_Alto_Networks_Malware_Remediation]