Hi everyone, I want to integrate the Palo Alto (Panorama) API into Demisto in order to do automatic blacklisting of malicious IPs (as determined in a phishing playbook). One concern the infrastructure team has is whether or not the automatic adding to the blacklist might prematurely commit changes if - for instance - the infrastructure engineer was changing ACLs or routing rules at the time. I believe that an API call to blacklist should have no affect on whatever is occuring in the UI as far as configuration goes, but I figured I'd run it past the pros anyway. Thanks!
... View more