for the artifact, the function get the value from the action menu but currently i don't know how to give this value as it will be full automated.
Original Message:
Sent: Fri May 17, 2024 01:15 AM
From: Maria Czapkowska
Subject: auto IP blocking on Hits detected
Okay so this error is actually really helpful and pretty clear as to where the issue is. You need to go in to the app.config file of the app you're using and provide a value for the "panorama_label" variable. I suggest having a look at the documentation of the app to see what value should go there.
For a function to get the artifact value you need to give it artifact.value in a variable
------------------------------
Maria Czapkowska
Original Message:
Sent: Thu May 16, 2024 09:56 AM
From: Khaled Nasr
Subject: auto IP blocking on Hits detected
Thanks Maria for your reply,
this is the error message
No label was given and is required if servers are labeled in the app.config")
"panorama_label": null
i need to ask how the function will get the artifact value as well ?
Thanks
------------------------------
Khaled Nasr
Original Message:
Sent: Thu May 16, 2024 01:37 AM
From: Maria Czapkowska
Subject: auto IP blocking on Hits detected
What error are you getting? Without that information it's difficult to advise anything.
------------------------------
Maria Czapkowska
Original Message:
Sent: Wed May 15, 2024 07:52 AM
From: Khaled Nasr
Subject: auto IP blocking on Hits detected
Hi all,
i need to configure our soar to bock the artifact if it has a hits:
i created an auto rule and added condition if the artifact has hit
the rule action is to start the blocking workflow(palo alto function) which need some inputs like label and of Corse the value.
for the label, i wrote it in the code itself as string and for the artifact value am not sure if it will be assigned once the function called.
but it doesn't work fine , it gives me error
is there any other way to get this work
Thanks
------------------------------
Khaled Nasr
------------------------------