PAN-OS - Enforce Anti-Spyware Best Practices Profile
MITRE ATT&CK - Courses of Action Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook enforces the Anti-Spyware Best Practices Profile as defined by Palo Alto Networks BPA. The playbook performs the following tasks:
- Check for DNS Security license (If license is not activated, the playbook refers users to their Palo Alto Networks account manager for further instructions).
- Get the existing profile information.
- Get the best practices profile information.
- Check if the best practices profile set by Cortex XSOAR is enforced. (If not, the playbook allows the user to compare the existing profile with the best practices and decide on the action to take).
- Create best practices profile.
- Apply profile to policy rules on PAN-OS firewall or Panorama.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooks- PAN-OS Commit Configuration
- Palo Alto Networks BPA - Submit Scan
- PAN-OS - Apply Security Profile to Policy Rule
#
IntegrationsThis playbook does not use any integrations.
#
Scripts- DeleteContext
- SetAndHandleEmpty
- ExportToCSV
#
Commands- pan-os-get-security-profiles
- pan-os-get-anti-spyware-best-practice
- pan-os-create-anti-spyware-best-practice-profile
- pan-os-get-licenses
- setIncident
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
device-group | The device group to work on. Exists only in panorama! | Optional | |
tag | Tag for which to filter the results. | Optional | |
pre-post-rulebase | Determines whether the rule is a pre-rulebase or post-rulebase rule, according to the rule structure. Exists only in panorama! | Optional |
#
Playbook OutputsThere are no outputs for this playbook.