Skip to main content

Prisma SASE - Block URL

This Playbook is part of the Prisma SASE by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

The playbook will handle the operation of blocking a URL within the organization. If a category is provided, the URL will be added to the list. If not, a new URL category will be created, and a new security rule that blocks that category.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Prisma SASE - Create or Edit Security Policy Rule

Integrations#

  • PrismaSASE

Scripts#

This playbook does not use any scripts.

Commands#

  • prisma-sase-custom-url-category-create
  • prisma-sase-custom-url-category-list
  • prisma-sase-candidate-config-push
  • prisma-sase-custom-url-category-update

Playbook Inputs#


NameDescriptionDefault ValueRequired
URLList of URLs that are needed to be blocked.Optional
CategoryNameThe name of the predefined custom URL category.Optional
FolderSpecify the scope for a newly created security rule to be applied.
Remember, this input will only be used when there is no input to the CategoryName.
Default: Shared
SharedOptional
TSGIDTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional
AutoCommitPossible Values:
True -> Will Commit and Push Configuration
False -> Manual Push will be required.
Else --> Will ignore the push section and continue the playbook.
Optional

Playbook Outputs#


PathDescriptionType
PrismaSaseThe root context key for Prisma SASE integration output.unknown
PrismaSase.SecurityRuleCreated security rule.unknown
PrismaSase.SecurityRule.actionSecurity rule action.unknown
PrismaSase.SecurityRule.applicationSecurity rule application.unknown
PrismaSase.SecurityRule.categorySecurity rule category.unknown
PrismaSase.SecurityRule.descriptionSecurity rule description.unknown
PrismaSase.SecurityRule.destinationSecurity rule destination.unknown
PrismaSase.SecurityRule.folderSecurity rule folder.unknown
PrismaSase.SecurityRule.fromSecurity rule from field (source zone(s)).unknown
PrismaSase.SecurityRule.idSecurity rule ID.unknown
PrismaSase.SecurityRule.nameSecurity rule name.unknown
PrismaSase.SecurityRule.positionSecurity rule position.unknown
PrismaSase.SecurityRule.serviceSecurity rule service.unknown
PrismaSase.SecurityRule.sourceSecurity rule source.unknown
PrismaSase.SecurityRule.source_userSecurity rule source user.unknown
PrismaSase.SecurityRule.toSecurity rule to field (destination zone(s)).unknown
PrismaSase.SecurityRule.profile_settingThe Security rule group object in the rule.unknown
PrismaSase.SecurityRule.profile_setting.groupSecurity rule group.unknown
PrismaSase.CandidateConfigConfiguration job object.unknown
PrismaSase.CandidateConfig.job_idConfiguration job ID.unknown
PrismaSase.CandidateConfig.resultThe configuration push result, e.g. OK, FAIL.unknown
PrismaSase.CandidateConfig.detailsThe configuration push details.unknown
PrismaSase.CustomURLCategoryThe custom URL category object.unknown
PrismaSase.CustomURLCategory.idThe URL category ID.unknown
PrismaSase.CustomURLCategory.nameThe URL category name.unknown
PrismaSase.CustomURLCategory.folderThe URL category folder.unknown
PrismaSase.CustomURLCategory.typeThe URL category type.unknown
PrismaSase.CustomURLCategory.listThe URL category match list.unknown
PrismaSase.CustomURLCategory.descriptionThe URL category description.unknown

Playbook Image#


Prisma SASE - Block URL