IP Whitelist And Exclusion - RiskIQ Digital Footprint
Adds the IP Address(es) to allow list after checking if it should be added to allow list according to the user inputs provided. This playbook also adds these IP Address indicators to the exclusion list and tags it with the "RiskIQ Whitelisted IP Address" tag.
RiskIQ Digital Footprint · 39 tasks · 8 inputs · 0 outputs
Inputs
ip_address— The list of IP Address(es) to be added to allow list and excluded.InternalRange— A list of IP ranges to check if the IP Address is in that range for adding to allow list. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges would be: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" (without quotes). If a list is not provided, will use the default list provided in the IsIPInRanges script (the known IPv4 private address ranges).auto_whitelist_ip_address— Automatically add the IP Address(es) to allow list. You can set this as 'Yes' or 'No' manually here or you can set it into a custom incident field 'RiskIQ Auto Whitelist IP Address'.auto_exclude_whitelisted_ip_address— Automatically add the IP Address(es) on allow list to the exclusion list. You can set this as 'Yes' or 'No' manually here or you can set it into a custom incident field 'RiskIQ Auto Exclude Whitelisted IP Address'.support_contact— The contact email address of the support team from which manual inputs should be fetched.aws_security_group_name— Name of the AWS Security Group to update the IPs on allow list.gcp_firewall_name— Name of the GCP Firewall where the playbook should set the IPs on allow list.okta_zone_id— ID of the Okta Zone to update the IPs on allow list. Use !okta-list-zones to obtain the available zones.
Commands used
excludeIndicators
send-mail
setIndicators