TIM - Process CIDR Indicators By Size

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook processes CIDR indicators of both IPV4 and IPV6. By specifying in the inputs the maximum number of hosts allowed per CIDR, the playbook tags any CIDR that exceeds the number as pending_review. If the maximum CIDR size is not specified in the inputs, the playbook does not run.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

  • appendIndicatorField

Playbook Inputs#


NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
MaximumHostSizePermittedThe maximum number of hosts that a CIDR can contain for auto approval. If the number of hosts is greater than approved, the CIDR is tagged for manual review.Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Playbook Image