Conflicts with Automation & Regular Configuration Tasks

Reply
L0 Member

Conflicts with Automation & Regular Configuration Tasks

Hi everyone,

 

I want to integrate the Palo Alto (Panorama) API into Demisto in order to do automatic blacklisting of malicious IPs (as determined in a phishing playbook). One concern the infrastructure team has is whether or not the automatic adding to the blacklist might prematurely commit changes if - for instance - the infrastructure engineer was changing ACLs or routing rules at the time. I believe that an API call to blacklist should have no affect on whatever is occuring in the UI as far as configuration goes, but I figured I'd run it past the pros anyway. 

 

Thanks!

L2 Linker

Re: Conflicts with Automation & Regular Configuration Tasks

Have a look at mindmeld and external dynamic lists.

 

https://github.com/PaloAltoNetworks/minemeld/wiki

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!