PAN-OS - DNS Sinkhole #27700
… formatted all files. Added test playbook too.
@idovandijk Great work! Please review my comments:
Packs/PAN-OS/Playbooks/PAN-OS_-_Add_Anti-Spyware_Security_Profile_To_Rule.yml
PR is ready for merge and waiting for tech docs
version: -1 | ||
name: Can a new anti-spyware profile be applied? | ||
description: |- | ||
Checks whether the rule can have the anti spyware profile applied to it. |
Checks whether the rule can have the anti spyware profile applied to it. | |
Checks whether the rule can have the anti-spyware profile applied to it. |
Checks whether the rule can have the anti spyware profile applied to it. | ||
There are 4 different possible scenarios: | ||
1. It has no profile, so the specified profile can be applied. | ||
2. It has a profile, but it should not be overwritten with a new anti spyware profile. |
2. It has a profile, but it should not be overwritten with a new anti spyware profile. | |
2. It has a profile, but it should not be overwritten with a new anti-spyware profile. |
1. It has no profile, so the specified profile can be applied. | ||
2. It has a profile, but it should not be overwritten with a new anti spyware profile. | ||
3. It has a security profile group, and the anti-spyware profile specified can be added to that group. | ||
4. It has a security profile group, but the anti-spyware profile can be applied only if the group doesn't already have an anti spyware profile in it. |
4. It has a security profile group, but the anti-spyware profile can be applied only if the group doesn't already have an anti spyware profile in it. | |
4. It has a security profile group, but the anti-spyware profile can be applied only if the group doesn't already have an anti-spyware profile in it. |
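Review bot: Scenarios 3 and 4 in this description both begin "It has a security profile group", and scenario 3 does not state what separates it from scenario 4, so a reader cannot tell when the profile is added to the group regardless of its contents and when it is added only if the group has no anti-spyware profile yet. Name the deciding condition in each item (for example the playbook input that controls overwriting, if there is one), and do the same for scenario 2, which says the profile "should not be overwritten" without saying what determines that.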
id: 345b0c42-ac77-4ffc-8b5e-1db0146cbbc0 | ||
version: -1 | ||
name: Overwrite with / Add our profile to the security profile group | ||
description: Please modify the security profile group, and add the Anti-Spyware security profile called ${inputs.SecurityProfileName}. If there's already an anti-spyware security profile configured there, please overwrite it. |
description: Please modify the security profile group, and add the Anti-Spyware security profile called ${inputs.SecurityProfileName}. If there's already an anti-spyware security profile configured there, please overwrite it. | |
description: Modify the security profile group, and add the Anti-Spyware security profile called ${inputs.SecurityProfileName}. If there's already an anti-spyware security profile configured there, overwrite it. |
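Review bot: The manual task description identifies the profile through ${inputs.SecurityProfileName} but refers only to "the security profile group", so the analyst who receives the task is not told which group, or which rule, it concerns. Put the group and rule names into the description from the playbook context, and because the task name reads "Overwrite with / Add", say which of the two cases led to this task so the analyst knows whether an existing anti-spyware profile is expected to be replaced.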
|
||
This automation runs using the default Limited User role, unless you explicitly change the permissions. | ||
For more information, see the section about permissions here: | ||
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations |
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations | |
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-Guide/Automations |
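Review bot: The permissions link in this README is pinned to a product version in its path (6.10, moved to 6.11 by the suggestion), so it needs another edit at each release, and it does not match the minimum Cortex XSOAR version of 6.8.0 given in the PR description. If the documentation site offers a version-independent URL for the Automations page, link to that instead; otherwise note in the README which version the link refers to.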
Packs/PAN-OS/Playbooks/PAN-OS_-_Extract_IPs_From_Traffic_Logs_To_Sinkhole_README.md
@melamedbn @michalgold @AdiPeret @ostolero @tomer-pan Doc review completed.
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* Added playbooks, tests, images, and formatted
* fixed conf.json and updated playbook description
* Fixed validation issues in both playbooks
* Added READMEs and release notes
* Removed old files, added new files, docs, pb images, and new RN. Also formatted all files. Added test playbook too.
* Updated playbook with fixes, pb image, and pb readme
* Fixed test configurations for playbooks
* Fixed test configuration in conf.json to use FW and not Panorama
* Apply suggestions from tech docs

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
Status
Ready
Related Issues
fixes: https://jira-hq.paloaltonetworks.local/browse/CIAC-2793
Description
Screenshots
Minimum version of Cortex XSOAR
6.8.0
Does it break backward compatibility?
No