
PANW - Hunting and threat detection by indicator type

This Playbook is part of the Deprecated Content Pack.

Deprecated

Use the "PANW - Hunting and threat detection by indicator type V2" playbook instead.


Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Autofocus Query Samples, Sessions and Tags
  • PAN-OS Query Logs For Indicators
  • Convert file hash to corresponding hashes

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

  • cortex-query-analytics-logs
  • cortex-query-traps-logs
  • cortex-query-threat-logs
  • cortex-query-traffic-logs

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| SHA256 | The SHA256 hash for the indicator to hunt. | SHA256 | File | Optional |
| MD5 | The MD5 hash for the indicator to hunt. | MD5 | File | Optional |
| SHA1 | The SHA1 hash for the indicator to hunt. | SHA1 | File | Optional |
| IP addresses | The list of IP addresses. | ${IP.Address} | - | Optional |
| Domain | The list of domains or URLs. | ${Domain.Name} | - | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| detectedips | The IP address or array of IP addresses that were detected during hunting. | string |
| detectedhosts | The host or array of hosts that were detected during hunting. | string |
| detectedusers | The user or array of users that were detected during hunting. | string |
| trapsid | The ID or array of IDs for Traps hosts detected in the searches. | string |

Playbook Image


PANW_Hunting_and_threat_detection_by_indicator_type