Block Domain - Generic v2
This Playbook is part of the Common Playbooks Pack.#
Supported versions
Available on Cortex XSOAR (versions 6.5.0 and later), Cortex XSIAM, and Cortex XPANSE.
This playbook blocks malicious Domains using all integrations that are enabled.
Supported integrations for this playbook:
- Zscaler
- Symantec Messaging Gateway
- FireEye EX
- Trend Micro Apex One
- Proofpoint Threat Response
- Cisco Stealthwatch Cloud
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- Block Domain - Zscaler
- Block Domain - Proofpoint Threat Response
- Block Domain - Symantec Messaging Gateway
- Block Domain - External Dynamic List
- Block Domain - Trend Micro Apex One
- Block Domain - FireEye Email Security
- Block Domain - Cisco Stealthwatch
Integrations#
This playbook does not use any integrations.
Scripts#
This playbook does not use any scripts.
Commands#
This playbook does not use any commands.
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| Domain | The Domain to block. | Optional | |
| DomainBlackListID | The Domain List ID to add the Domain to. product: Proofpoint Threat Response | Optional | |
| Tag | Tag to assign a domain to the External Dynamic List. sub-playbook: Block Domain - External Dynamic List | Optional | |
| Expiration | The UTC expiration date and time of the suspicious object, for example: 2020-01-25T09:00:00Z. Products: Trend Micro Apex One Proofpoint Threat Response | Optional |
Playbook Outputs#
There are no outputs for this playbook.
Playbook Image#
