Skip to main content

Prisma Access Whitelist Egress IPs on SaaS Services

This Playbook is part of the Prisma SASE by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Retrieve Prisma Access Egress IP for specific geographic Zones and populate in security groups within cloud services.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • IP Whitelist - AWS Security Group
  • IP Whitelist - GCP Firewall
  • Allow IP - Okta Zone


  • PrismaAccessEgressIPFeed


This playbook does not use any scripts.


  • prisma-access-get-indicators
  • closeInvestigation

Playbook Inputs#

NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
AWSSecurityGroupNameName of the AWS Security Group to update with the IPs.Optional
OktaZoneIDID of the Okta Zone to update. Use !okta-list-zones to obtainOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Prisma Access Whitelist Egress IPs on SaaS Services