Cortex-Analyzers/responders/PaloAltoNGFW_unblock_domain
PaloAltoNGFW_unblock_domain.json Add response for PaloAltoNGFW 2020-10-20 21:07:09 +03:00
README.md Add response for PaloAltoNGFW 2020-10-20 21:07:09 +03:00
Unblock_domain.py Add response for PaloAltoNGFW 2020-10-20 21:07:09 +03:00

Block external IP address for Palo Alto NGFW

Response module for blocking an external IP address on Palo Alto NGFW

Installation

The following packages need to be installed:

  1. pan-os-python
  2. thehive4py

ToDo

For the responder to work, you need to create the Address_Group in PaloAltoNGFW, create security policies, and give their names in "name_internal_Address_Group_for_domain" and "name_external_Address_Group_for_domain".

Principle of operation:

  1. The value is taken from the alert in TheHive.
  2. If the IoC has been added to the Address_Groups, the script deletes it from them.
  3. If the IoC exists as an AddressObject, the script deletes it.
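
The steps above, sketched as an added example (not the code in Unblock_domain.py). `FakeObject` and `FakeGroup` are constructed stand-ins that mimic the attributes of pan-os-python's `AddressObject` and `AddressGroup`; matching the IoC on an `fqdn` object's value, and the `managed_groups` argument holding the group names configured for the responder, are assumptions.

```python
# Added example: stand-ins mimic pan-os-python's AddressObject/AddressGroup
# attributes (name, value, type, static_value) and methods (apply, delete).
from dataclasses import dataclass, field

@dataclass
class FakeObject:            # constructed stand-in for panos.objects.AddressObject
    name: str
    value: str
    type: str = "fqdn"
    log: list = field(default_factory=list, repr=False)
    def delete(self):
        self.log.append(("delete", self.name))

@dataclass
class FakeGroup:             # constructed stand-in for panos.objects.AddressGroup
    name: str
    static_value: list
    log: list = field(default_factory=list, repr=False)
    def apply(self):
        self.log.append(("apply", self.name, tuple(self.static_value)))

def normalize(domain):
    """Lower-case and drop the trailing dot so 'Evil.Example.' still matches."""
    return domain.strip().lower().rstrip(".")

def unblock_domain(ioc, groups, objects, managed_groups):
    """Remove the IoC from the managed groups, then delete its object(s)."""
    wanted = normalize(ioc)
    targets = [o for o in objects
               if o.type == "fqdn" and normalize(o.value) == wanted]
    names = {o.name for o in targets}
    changed = []
    for g in groups:
        if g.name not in managed_groups or not g.static_value:
            continue
        kept = [m for m in g.static_value if m not in names]
        if kept != g.static_value:
            g.static_value = kept
            g.apply()        # update the group first: PAN-OS refuses to
            changed.append(g.name)  # delete an object that is still referenced
    # Leave the object alone if a group outside the responder's scope uses it.
    still_used = {m for g in groups for m in (g.static_value or [])}
    deleted = []
    for o in targets:
        if o.name not in still_used:
            o.delete()
            deleted.append(o.name)
    return changed, deleted
```

With real pan-os-python objects the same function would be fed the lists returned by `AddressGroup.refreshall(fw)` and `AddressObject.refreshall(fw)`, followed by a commit on the firewall.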