https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534836#M1904 <P>Hi,</P> <P>&nbsp;</P> <P>Any playbook for "check website access if it is malicious"?</P> <P>To events that come from Cortex XDR</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Fábio</P> Fri, 17 Mar 2023 11:44:13 GMT FabioFerreira 2023-03-17T11:44:13Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534836#M1904 <P>Hi,</P> <P>&nbsp;</P> <P>Any playbook for "check website access if it is malicious"?</P> <P>To events that come from Cortex XDR</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> <P>Fábio</P> Fri, 17 Mar 2023 11:44:13 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534836#M1904 FabioFerreira 2023-03-17T11:44:13Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534847#M1906 <P>The XDR integration will provide you with DOMAIN indicators for enrichment as seen in <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Working-with-IOCs" target="_blank" rel="noopener">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Working-with-IOCs</A></P> <P>&nbsp;</P> <P>You can use those:</P> <P>&nbsp;</P> <P><A href="https://xsoar.pan.dev/docs/reference/integrations/cortex-xdr---ioc" target="_blank" rel="noopener">https://xsoar.pan.dev/docs/reference/integrations/cortex-xdr---ioc</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Outside of that if you log to the SIEM the web requests you can use other integrations for URL enrichment like&nbsp; AutoFocus, Wildfire etc.</P> <P>&nbsp;</P> <P>See the links below:</P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=4gebN1ox8vU" target="_blank" rel="noopener">https://www.youtube.com/watch?v=4gebN1ox8vU</A></P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=DVGWeYJMDQQ&amp;t=378s" target="_blank" rel="noopener">https://www.youtube.com/watch?v=DVGWeYJMDQQ&amp;t=378s</A></P> <P>&nbsp;</P> <P><A href="https://www.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-ioc-enrichment/" target="_blank" rel="noopener">https://www.paloaltonetworks.com/blog/security-operations/security-orchestration-use-case-automating-ioc-enrichment/</A></P> <P>&nbsp;</P> <P><A href="https://cortex.marketplace.pan.dev/marketplace/details/AutoFocus/" target="_blank" rel="noopener">https://cortex.marketplace.pan.dev/marketplace/details/AutoFocus/</A></P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=DVGWeYJMDQQ&amp;t=378s" target="_blank" rel="noopener">https://www.youtube.com/watch?v=DVGWeYJMDQQ&amp;t=378s</A></P> <P>&nbsp;</P> <P><A href="https://xsoar.pan.dev/docs/reference/playbooks/detonate-url---wild-fire-v2" target="_blank" rel="noopener">https://xsoar.pan.dev/docs/reference/playbooks/detonate-url---wild-fire-v2</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 Mar 2023 13:04:27 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534847#M1906 nikoolayy1 2023-03-17T13:04:27Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534858#M1907 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;</P> <P>&nbsp;</P> <P>Thank you for your answer.</P> <P>Yeah, I'm already receiving incidents from Cortex XDR into XSOAR</P> <P>I know how to create a playbook for that, I only would like to know if there are any OOB playbooks created that I could use, instead create one for scratch <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Regards,</P> <P>Fábio</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 17 Mar 2023 14:48:24 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534858#M1907 FabioFerreira 2023-03-17T14:48:24Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534962#M1909 <P>Well as XDR is again Palo Alto product like XSOAR there is antire pack about this: <A href="https://cortex.marketplace.pan.dev/marketplace/details/CortexXDR/" target="_blank" rel="noopener">https://cortex.marketplace.pan.dev/marketplace/details/CortexXDR/</A> did you test it ? Also I found this <A href="https://xsoar.pan.dev/docs/reference/scripts/extract-domain-from-ioc-domain-match-res" target="_blank" rel="noopener">https://xsoar.pan.dev/docs/reference/scripts/extract-domain-from-ioc-domain-match-res</A> but never tested this script with XDR IOC.</P> <P>&nbsp;</P> <P>Also youtube has great examples about XSOAR and XDR working together. Here is an example but you can see others in youtube <span class="lia-unicode-emoji" title=":winking_face:">😉</span>:</P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=fDFea0KLuGs" target="_blank">https://www.youtube.com/watch?v=fDFea0KLuGs</A></P> Sun, 19 Mar 2023 06:57:01 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/534962#M1909 nikoolayy1 2023-03-19T06:57:01Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/535050#M1917 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;</P> <P>&nbsp;</P> <P>Already tested some, but that one not yet, going to check.</P> <P>I already have PA XDR and XSOAR with incident respond integration, assign with incident type, mappers and classifiers, and it is everything working.</P> <P>In this case I was only looking for a specific use case.</P> <P>Going to create a playbook myself <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Thank you for your help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Regards,</P> <P>Fábio Ferreira</P> Mon, 20 Mar 2023 11:38:46 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/535050#M1917 FabioFerreira 2023-03-20T11:38:46Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/535332#M1924 <P>The Pack has example playbooks that you were talking about but as you want to "play yourself" as to learn the feature why not <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Wed, 22 Mar 2023 08:03:46 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/playbook-access-to-malicious-website/m-p/535332#M1924 nikoolayy1 2023-03-22T08:03:46Z