valitydev/Cortex-Analyzers
14
0
Fork 0
mirror of https://github.com/valitydev/Cortex-Analyzers.git synced 2024-11-06 17:15:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
456bf91c26
Cortex-Analyzers/responders/PaloAltoNGFW_block_internal_port
History
staf711 1a8dfc338b Add responce for PaloAltoNGFW
2020-10-20 21:07:09 +03:00
..
Block_port.py Add responce for PaloAltoNGFW 2020-10-20 21:07:09 +03:00
PaloAltoNGFW_block_internal_port.json Add responce for PaloAltoNGFW 2020-10-20 21:07:09 +03:00
README.md Add responce for PaloAltoNGFW 2020-10-20 21:07:09 +03:00

README.md

Block external IP address for Palo Alto NGFW

Response module for block external IP address for Palo Alto NGFW

Installation

need install:

  1. pan-os-python
  2. thehive4py

ToDo

to work, you need to create Address_Group in PaloAltoNGFW and create security polites and name them in "name_internal_Service_Group".

First: you need add field "port" and "protocol" to "Observable types management" in the hive. or you can change script and call your field names

principle of operation:

  1. the value is selected from the alert the hive.
  2. ioc compare against already added Service_Group.
  3. if ioc not in Service_Group, will add field port and protocol
  4. if ioc in Service_Group, next step
  5. checks if there is already a blocking list, if not, ioc will add