Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
Hi,
I have created a playbook that extracts IOC from a csv in a mail.
I want to ask the analyst if they want to manually review or auto block the IOCs.
If the analyst marks Manual review I want it to loop over every IOC and the analyst should mark to block or not.
Anybody has an idea of how to loop over every IOC.
I saved it to context under ${IOC} and the amount is obviously changing for every incident.
Another idea that will work even better but probably impossible to implement
In the picture instead of marking and running over every ioc, Just list all of the IOC as an options to answer as multi select.
The IOCs that will be marked will be marked for block.
Hi @Bar_Magnezi ,
For the first question, you can use subplaybook to loop through each input.
Documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.5/Cortex-XSOAR-Administrator-Guide/Sub-Pla...
Video: https://www.youtube.com/watch?v=-Db98zkG7qc
For the second question, you can provide your IOC list as an answer and every item in the list will be provided to be multi-selected, then you can perform blocking action by taking the answer as an input.
