TIM - Process Indicators Against Organizations External IP List
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the organizational External IP addresses, and tags the indicators accordingly.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
This playbook does not use any sub-playbooks.
Integrations
This playbook does not use any integrations.
Scripts
- FilterByList
- SetAndHandleEmpty
Commands
- appendIndicatorField
Playbook Inputs
Name | Description | Default Value | Required |
---|---|---|---|
Indicator Query | Indicators matching the indicator query will be used as playbook input | Optional | |
OrganizationsExternalIPListName | A Cortex XSOAR list containing the organization's External IP address values. IP Indicators that appear in the list are tagged as organizations external ip. | Optional |
Playbook Outputs
Path | Description | Type |
---|---|---|
OrganizationExternalIP | IP addresses that are found in the organization's external IP list. | string |
NotOrganizationExternalIP | IP addresses that are not found in the organization's external IP list. | string |