For details on cookie usage on our site, read our Privacy Policy
Update List Using REST \ similar
- LIVEcommunity
- Discussions
- General Topics
- Update List Using REST \ similar
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Update List Using REST \ similar
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 05:39 AM
Maybe a stupid question and\or I've missed the obvious...
One of the issues we have with our Palo firewalls is - when we deploy 'active' IPS rules (block-ip etc) the maximum length of time is 3600 seconds.
We have a log solution that we use to trigger alerts if we're being probed over multiple days etc and would like to trigger a script, rather than the current manual email, to poke the offending IP address into a block list. As we've already started using MineMeld to serve up blocklists as I wondering if its possible to call a RESTful API - or similar - to push the IP address to an output list?
Longer term we'd be looking for a bit more intelligence i.e. checking whether it's already on the list, removing after a period of time (say 7 days), but initially it would just be a simple "if source IP triggers threat 3 times in 3 hours trigger (PowerShell) script to poke address into custom blocklist" type scenario
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-26-2018 12:49 AM - edited 01-26-2018 12:50 AM
Sean, nice script! I took your script a step further and incorporated a GUI along with other logic to allow for easy uploading of IOC's. I made sure to cite your contribution:
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-30-2018 03:27 PM
Did you add any more methods (like delete)?
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-04-2018 01:33 AM
Hi @pataylor,
delete is available in the new API, you can check the new API mechanism at the end of the following article:
- Multiple issues on Dynamic Updates PA-220 in General Topics
- XSOAR customer support problems in Cortex XSOAR Discussions
- After enabling Advanced Routing, all IPsec tunnels are down in Next-Generation Firewall Discussions
- Prisma Insights API in PowerShell in Prisma Cloud Discussions
- possible to know what triggered malicious website classification on my website? in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
