10-30-2018 11:23 AM
I want to integrate the Palo Alto (Panorama) API into Demisto in order to do automatic blacklisting of malicious IPs (as determined in a phishing playbook). One concern the infrastructure team has is whether or not the automatic adding to the blacklist might prematurely commit changes if - for instance - the infrastructure engineer was changing ACLs or routing rules at the time. I believe that an API call to blacklist should have no affect on whatever is occuring in the UI as far as configuration goes, but I figured I'd run it past the pros anyway.
10-31-2018 11:09 AM
Have a look at mindmeld and external dynamic lists.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!