Assigning an array of Values to a key/variable


L2 Linker

Hey guys,

 

I'm working on separating internal and external IP(s) in a playbook and I want to use those values in an email body. So currently I'm using a temporary list to store the IP(s), then call it when needed in the same playbook with ${lists.templist}. But I have two limitations with this approach:

 

  1. Cannot add more than one IP, as setList fails.
  2. Uncertain about what will happen if the playbook runs simultaneously on two different incidents.

If someone has a less messy method, please let me know.

 


Accepted Solutions

L5 Sessionator

Hi @vidurasupun, not sure what your use case is; I can help better if I understand what exactly you're trying to do.

By list, I'm assuming you're referring to a list of values in the incident's context? Not the external list function of Cortex https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/lists? The command setList is used for that.

 

Try the attached playbook, it should do the trick. It uses an inbuilt conditional check and playbook looping to achieve the same outcome. You can also do this with a single automation. 

 

I had to change the extensions to xml, just change it back to yml before uploading to your server. 
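Added example (not part of the thread and not the attached playbook): a sketch of the classification logic a single automation could use to split IPs and build the email text. The internal ranges, the key names `internalIPs` and `invalidIPs`, and the sample addresses are assumptions; `externalIPs` is the key used in this thread.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 plus IPv6 unique-local space; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_ips(raw):
    """Return (internal, external, invalid) lists, deduplicated, input order kept."""
    # A playbook input can arrive as a list or as one comma-separated string.
    items = raw if isinstance(raw, list) else str(raw).split(",")
    internal, external, invalid, seen = [], [], [], set()
    for item in items:
        text = str(item).strip()
        if not text:
            continue
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            addr = None  # keep unparseable values out of the block request
        value = str(addr) if addr is not None else text
        if value in seen:
            continue
        seen.add(value)
        if addr is None:
            invalid.append(value)
        elif any(addr in net for net in INTERNAL_NETS):
            # Membership is False when address and network versions differ.
            internal.append(value)
        else:
            external.append(value)
    return internal, external, invalid

def build_context(raw):
    """Dict an automation would write to the incident context (hypothetical keys)."""
    internal, external, invalid = split_ips(raw)
    return {"internalIPs": internal, "externalIPs": external, "invalidIPs": invalid}

def email_body(external):
    """Email text from the thread, with the external IPs joined into one line."""
    return ("Hi Network Team,\n\nPlease block the IP(s) "
            + ", ".join(external) + " from the FW.")

if __name__ == "__main__":
    # Constructed sample input: duplicates, a non-IP token, mixed ranges.
    ctx = build_context("10.1.2.3, 203.0.113.7,10.1.2.3, not-an-ip, 192.168.0.5")
    print(ctx)
    print(email_body(ctx["externalIPs"]))
```

Context keys belong to one incident, whereas an XSOAR list is shared, so writing the result to context avoids two incidents overwriting each other's values.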

 

 

 

 

 

 


4 REPLIES 4

L4 Transporter

Not sure you can do a list and assign it to a variable. Thinking you would have to identify a device group first, and the serial number of the firewall, and then assign a specific variable to that. The firewalls/Panorama are looking for a specific address/single address/entry for any given spot on a variable assigned to a device.


 

 

 

 

 

 

L2 Linker

Sec101, thank you for the response, but I need to do the same thing at the playbook level. As Jfernandes1 mentioned, he is using the Set automation to assign external IP(s) to the key externalIPs; then I can call it later in my playbook, for example to send a mail like the one below.

 

Hi Network Team,

Please block the IP(s) ${externalIPs} from the FW. 

@jfernandes1

Thank you for the solution. I added a bit of stuff on top of your playbook:

 
  1. extractIndicators automation to extract the IP(s) from the incident.
  2. Setting IP = IP.Address to give the input to rangeloop.
     