PAN-OS - Block all unknown and unauthorized applications

This Playbook is part of the MITRE ATT&CK - Courses of Action Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook finds and removes all rules that allow communication for unauthorized applications by setting the application to any. The playbook performs the following tasks:

  • Lists PAN-OS policy rules.
  • Checks for a rule that allows applications as any.
  • Deletes the rule based on user approval.
  • Commits the configuration.
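
The rule check in the second task can be sketched as follows. This is an added example, not the playbook's own code: the record fields `Name`, `Action`, `Application` and `Tags`, and the shapes they take, are assumptions for illustration and not the documented output of `pan-os-list-rules`.

```python
# Added illustration: field names below are assumed, not taken from the
# pan-os-list-rules documentation.

def _as_list(value):
    """Normalize a field that may be a string, a list, or {'member': ...}."""
    if value is None:
        return []
    if isinstance(value, dict):
        value = value.get("member")
        if value is None:
            return []
    if isinstance(value, str):
        return [value]
    return list(value)


def find_any_application_allow_rules(rules, tag=None):
    """Return names of allow rules whose application is 'any'.

    If tag is given, only rules carrying that tag are considered, mirroring
    the playbook's optional tag input.
    """
    flagged = []
    for rule in rules:
        # Only rules that permit traffic are relevant to this check.
        if str(rule.get("Action", "")).lower() != "allow":
            continue
        if tag is not None and tag not in _as_list(rule.get("Tags")):
            continue
        apps = [a.lower() for a in _as_list(rule.get("Application"))]
        if "any" in apps:
            flagged.append(rule.get("Name"))
    return flagged


# Constructed sample rules (not real device output).
SAMPLE_RULES = [
    {"Name": "allow-web", "Action": "allow", "Application": ["web-browsing", "ssl"]},
    {"Name": "allow-all-apps", "Action": "allow", "Application": "any", "Tags": ["legacy"]},
    {"Name": "deny-any", "Action": "deny", "Application": {"member": "any"}},
    {"Name": "dmz-any", "Action": "allow", "Application": {"member": "any"}, "Tags": {"member": ["dmz"]}},
]

if __name__ == "__main__":
    for name in find_any_application_allow_rules(SAMPLE_RULES):
        print("candidate for review before deletion:", name)
```

The returned names are candidates only; in the playbook each deletion still waits on user approval before the commit.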

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • PAN-OS Commit Configuration

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • pan-os-list-rules
  • pan-os-delete-rule

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| pre_post | Rules location. Can be 'pre-rulebase' or 'post-rulebase'. Mandatory for Panorama instances. | | Optional |
| device-group | The device group for which to return addresses (Panorama instances). | | Optional |
| tag | Tag for which to filter the rules. | | Optional |

Playbook Outputs


There are no outputs for this playbook.
