Skip to main content

Prisma SASE - Create or Edit Security Policy Rule

This Playbook is part of the Prisma SASE by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

This playbook handles the creation or editing of the Security Policy Rule for Prisma SASE integration.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • PrismaSASE

Scripts#

  • PrintErrorEntry

Commands#

  • prisma-sase-security-rule-update
  • prisma-sase-security-rule-create
  • prisma-sase-security-rule-list
  • prisma-sase-candidate-config-push

Playbook Inputs#


NameDescriptionDefault ValueRequired
TSGIDTenant services group ID. If not provided, the tsg_id integration parameter will be used as the default.Optional
FolderThe configuration folder group setting.
The default value is 'Shared'.
SharedOptional
ActionPossible values:
allow,deny,drop,reset-both,reset-client,reset-server.
Optional
PositionRule position.
The default value is 'pre'.
preOptional
SourceA comma-separated list of source networks.
The default value is 'any'.
anyOptional
DestinationA comma-separated list of destination networks.
The default value is 'any'.
anyOptional
ServiceServices the rule applies to.
Default value is 'any'.
anyOptional
ApplicationA comma-separated list of applications.
Default value is 'any'.
anyOptional
RuleNameThe name of the security rule.Required
AutoCommitPossible values:
True -> Will commit and push configuration.
False -> Manual push will be required.
Else --> Will ignore the push section and continue the playbook.
Optional
OverwriteWhether to overwrite the original rule values.
The default value is 'false'.
FalseOptional
CategoryA comma-separated list of categories. You can get category values by running the prisma-sase-custom-url-category-list command.
Default value is 'any'.
anyOptional

Playbook Outputs#


PathDescriptionType
PrismaSase.CandidateConfigConfiguration job object.unknown
PrismaSase.CandidateConfig.job_idConfiguration job ID.unknown
PrismaSase.CandidateConfig.resultThe configuration push result, e.g., OK, FAIL.unknown
PrismaSase.CandidateConfig.detailsThe configuration push details.unknown
PrismaSaseThe root context key for Prisma SASE integration output.unknown
PrismaSase.SecurityRuleFound security rule.unknown
PrismaSase.SecurityRule.actionSecurity rule action.unknown
PrismaSase.SecurityRule.applicationSecurity rule application.unknown
PrismaSase.SecurityRule.categorySecurity rule category.unknown
PrismaSase.SecurityRule.descriptionSecurity rule description.unknown
PrismaSase.SecurityRule.destinationSecurity rule destination.unknown
PrismaSase.SecurityRule.folderSecurity rule folder.unknown
PrismaSase.SecurityRule.fromSecurity rule from field (source zone(s)).unknown
PrismaSase.SecurityRule.idSecurity rule ID.unknown
PrismaSase.SecurityRule.log_settingSecurity rule log setting.unknown
PrismaSase.SecurityRule.nameSecurity rule name.unknown
PrismaSase.SecurityRule.positionSecurity rule position.unknown
PrismaSase.SecurityRule.serviceSecurity rule service.unknown
PrismaSase.SecurityRule.sourceSecurity rule source.unknown
PrismaSase.SecurityRule.source_userSecurity rule source user.unknown
PrismaSase.SecurityRule.tagSecurity rule tag.unknown
PrismaSase.SecurityRule.toSecurity rule to field (destination zone(s)).unknown
PrismaSase.SecurityRule.negate_destinationSecurity rule negate destination.unknown
PrismaSase.SecurityRule.profile_settingThe Security rule group object in the rule.unknown
PrismaSase.SecurityRule.profile_setting.groupSecurity rule group.unknown

Playbook Image#


Prisma SASE - Create or Edit Security Policy Rule