demisto · sapirshuker · Oct 17, 2023 · Oct 17, 2023 · Oct 17, 2023 · Oct 17, 2023
diff --git a/Packs/PAN-OS/CONTRIBUTORS.json b/Packs/PAN-OS/CONTRIBUTORS.json
@@ -1 +1 @@
-["Adam Baumeister", "Adam Burt"]
+["Adam Baumeister", "Adam Burt", "Johnathan Wilkes"]
diff --git a/Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_Destination_Service.yml b/Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_Destination_Service.yml
@@ -109,7 +109,7 @@ tasks:
       brand: ""
     nexttasks:
       '#none#':
-      - "10"
+      - "29"
     scriptarguments:
       action:
         simple: drop
@@ -149,7 +149,7 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 540,
+          "x": 770,
           "y": 2605
         }
       }
@@ -178,7 +178,7 @@ tasks:
       {
         "position": {
           "x": 265,
-          "y": 3035
+          "y": 3120
         }
       }
     note: false
@@ -267,8 +267,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 540,
-          "y": 2770
+          "x": 560,
+          "y": 2950
         }
       }
     note: false
@@ -344,8 +344,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 990,
-          "y": 2770
+          "x": 1390,
+          "y": 2950
         }
       }
     note: false
@@ -398,8 +398,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 1230,
-          "y": 300
+          "x": 520,
+          "y": 340
         }
       }
     note: false
@@ -434,8 +434,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 550,
-          "y": 500
+          "x": 680,
+          "y": 510
         }
       }
     note: false
@@ -507,8 +507,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 550,
-          "y": 650
+          "x": 680,
+          "y": 670
         }
       }
     note: false
@@ -549,8 +549,8 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 550,
-          "y": 845
+          "x": 680,
+          "y": 835
         }
       }
     note: false
@@ -698,7 +698,7 @@ tasks:
     view: |-
       {
         "position": {
-          "x": 990,
+          "x": 1390,
           "y": 2605
         }
       }
@@ -930,16 +930,108 @@ tasks:
     quietmode: 0
     isoversize: false
     isautoswitchedtoquietmode: false
+  "29":
+    id: "29"
+    taskid: 93958d7c-611a-412f-8e50-52f0e98b3db7
+    type: condition
+    task:
+      id: 93958d7c-611a-412f-8e50-52f0e98b3db7
+      version: -1
+      name: Is device-group "shared"?
+      description: Checks if the device group is "shared", because in that case we need to push to the actual device-groups that reference firewalls.
+      type: condition
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#default#':
+      - "10"
+      "yes":
+      - "30"
+    separatecontext: false
+    conditions:
+    - label: "yes"
+      condition:
+      - - operator: isEqualString
+          left:
+            value:
+              complex:
+                root: inputs.DeviceGroup
+            iscontext: true
+          right:
+            value:
+              simple: shared
+          ignorecase: true
+    continueonerrortype: ""
+    view: |-
+      {
+        "position": {
+          "x": 770,
+          "y": 2770
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
+  "30":
+    id: "30"
+    taskid: 19d7b705-1fdb-481a-8bf4-affaff21c091
+    type: playbook
+    task:
+      id: 19d7b705-1fdb-481a-8bf4-affaff21c091
+      version: -1
+      name: PAN-OS Commit Configuration
+      description: Commit the PAN-OS Panorama or Firewall configuration.\nIf specified as Panorama, it also pushes the policies to the specified device group in the instance.
+      playbookName: PAN-OS Commit Configuration
+      type: playbook
+      iscommand: false
+      brand: ""
+    nexttasks:
+      '#none#':
+      - "4"
+    scriptarguments:
+      device-group:
+        complex:
+          root: inputs.SecondaryDeviceGroup
+    separatecontext: true
+    continueonerrortype: ""
+    loop:
+      iscommand: false
+      exitCondition: ""
+      wait: 1
+      max: 100
+    view: |-
+      {
+        "position": {
+          "x": 970,
+          "y": 2950
+        }
+      }
+    note: false
+    timertriggers: []
+    ignoreworker: false
+    skipunavailable: false
+    quietmode: 0
+    isoversize: false
+    isautoswitchedtoquietmode: false
 view: |-
   {
     "linkLabelsPosition": {
-      "15_4_#default#": 0.17,
-      "1_4_#default#": 0.15
+      "15_16_yes": 0.59,
+      "15_4_#default#": 0.1,
+      "18_20_#default#": 0.54,
+      "1_4_#default#": 0.1,
+      "24_11_yes": 0.54,
+      "29_10_#default#": 0.48,
+      "29_30_yes": 0.6
     },
     "paper": {
       "dimensions": {
-        "height": 3050,
-        "width": 1345,
+        "height": 3135,
+        "width": 1505,
         "x": 265,
         "y": 50
       }
@@ -1014,7 +1106,14 @@ inputs:
   required: false
   description: A comma-separated list of destination zones.
   playbookInputQuery:
+- key: SecondaryDeviceGroup
+  value: {}
+  required: false
+  description: If the rule, address and service are created in the "Shared" location, we need to know what device-groups we can push to because it isn't possible to push to the "Shared" location.
+  playbookInputQuery:
 outputs: []
 tests:
 - No Tests
 fromversion: 5.0.0
+contentitemexportablefields:
+  contentitemfields: {}
diff --git a/Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_Destination_Service_README.md b/Packs/PAN-OS/Playbooks/playbook-PAN-OS_-_Block_Destination_Service_README.md
@@ -1,4 +1,4 @@
-This playbook blocks a Destination IP and Service (TCP or UDP port) by creating a rule for a specific Device Group on PAN-OS. 
+This playbook blocks a destination IP and service (TCP or UDP port) by creating a rule for a specific device group on PAN-OS. 
 
 ## Dependencies
 
@@ -14,16 +14,16 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 
 ### Scripts
 
-* SetAndHandleEmpty
 * Set
+* SetAndHandleEmpty
 
 ### Commands
 
-* pan-os-create-address
+* pan-os-create-service
 * pan-os-list-addresses
+* pan-os-create-address
 * pan-os-list-services
 * pan-os-create-rule
-* pan-os-create-service
 
 ## Playbook Inputs
 
@@ -43,6 +43,7 @@ This playbook uses the following sub-playbooks, integrations, and scripts.
 | WhereRule | Where to move the rule. If you specify "before" or "after", you need to supply the "dst" argument. \(Default is: 'top'\) | top | Optional |
 | SourceZone | A comma-separated list of source zones. |  | Optional |
 | DestinationZone | A comma-separated list of destination zones. |  | Optional |
+| SecondaryDeviceGroup | If the rule, address and service are created in the "Shared" location, we need to know what device groups we can push to because it isn't possible to push to the "Shared" location. |  | Optional |
 
 ## Playbook Outputs
 

diff --git a/Packs/PAN-OS/ReleaseNotes/2_1_10.md b/Packs/PAN-OS/ReleaseNotes/2_1_10.md
@@ -0,0 +1,6 @@
+
+#### Playbooks
+
+##### PAN-OS - Block Destination Service
+
+- Added the `SecondaryDeviceGroup` input in the case that we want to add the block rule to the "Shared" location and still push to applicable device-groups.
diff --git a/Packs/PAN-OS/doc_files/PAN-OS_-_Block_Destination_Service.png b/Packs/PAN-OS/doc_files/PAN-OS_-_Block_Destination_Service.png
diff --git a/Packs/PAN-OS/pack_metadata.json b/Packs/PAN-OS/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "PAN-OS by Palo Alto Networks",
     "description": "Manage Palo Alto Networks Firewall and Panorama. Use this pack to manage Prisma Access through Panorama. For more information see Panorama documentation.",
     "support": "xsoar",
-    "currentVersion": "2.1.9",
+    "currentVersion": "2.1.10",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",