TIM - Process Indicators Against Organizations External IP List

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook processes indicators to check if they exist in a Cortex XSOAR list containing the organizational External IP addresses, and tags the indicators accordingly.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

FilterByList
SetAndHandleEmpty

Commands

appendIndicatorField

Playbook Inputs

Name	Description	Default Value	Required
Indicator Query	Indicators matching the indicator query will be used as playbook input		Optional
OrganizationsExternalIPListName	A Cortex XSOAR list containing the organization's External IP address values. IP Indicators that appear in the list are tagged as organizations external ip.		Optional

Playbook Outputs

Path	Description	Type
OrganizationExternalIP	IP addresses that are found in the organization's external IP list.	string
NotOrganizationExternalIP	IP addresses that are not found in the organization's external IP list.	string

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

TIM - Process Indicators Against Organizations External IP List

Supported versions

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Supported versions

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image