As security incidents are created to isolate potential malware, you can use the
Security Operations Palo Alto Networks - Check and Block Value
workflow to automatically check IP addresses, URLs, and domains using External Dynamic Lists
defined in Security Operations Palo Alto Networks - Firewall.
The Security Operations Palo Alto Networks - Check and Block
Value workflow is executed when Firewall Block Requests are submitted.
The block request specifies the firewall to be used, the type of file to be checked and
blocked (if needed), and the block value. That is, the IP address, URL, or domain in
Role required: sn_si.analyst
During workflow execution, commands defined under are run. The Show type commands (for example,
Show-IP-ExternalDynamicList) determine whether the value exists on the firewall. The
Refresh type commands (for example, Refresh-IP-ExternalDynamicList) add values that
do not exist on the firewall to the block list.
After the Blocked Status activity executes, approval by a system administrator is
required before the workflow can proceed.
Fill in the fields on the form, as appropriate.
||Select the firewall to be used.
||Select the type of value to be checked:
||Enter the value of the selected type to be checked on