TIM - Process Indicators Against Organizations External IP List

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the organizational External IP addresses, and tags the indicators accordingly.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

  • FilterByList
  • SetAndHandleEmpty

Commands#

  • appendIndicatorField

Playbook Inputs#


NameDescriptionDefault ValueRequired
Indicator QueryIndicators matching the indicator query will be used as playbook inputOptional
OrganizationsExternalIPListNameA Cortex XSOAR list containing the organization's External IP address values. IP Indicators that appear in the list are tagged as organizations external ip.Optional

Playbook Outputs#


PathDescriptionType
OrganizationExternalIPIP addresses that are found in the organization's external IP list.string
NotOrganizationExternalIPIP addresses that are not found in the organization's external IP list.string

Playbook Image#


Playbook Image