Forum Discussion
khaled1980 (Copper Contributor)
Dec 21, 2021
I need to create a Sentinel dynamic list
I need to create a dynamic list (IPs or bad URLs). This dynamic list should be populated automatically based on Sentinel incidents; then I will integrate my FWs (Palo Alto & FTD) to block the contents of this dynamic list.
Is it possible to do that with Sentinel?
Best Regards
- m_zorich (Iron Contributor)
  Yep, there are lots of ways to achieve that. I would probably start by looking at what format your firewalls need that IP information in, in order to ingest it: do they need JSON or CSV or something like that, or can you push the bad IP addresses and domains directly to the devices using an API?
  If you just want your firewalls to pick up a CSV or JSON file, then you could use Logic Apps to run a KQL query that retrieves all the information from your incidents and then exports that list to a CSV/JSON file somewhere (storage account, S3, whatever makes sense for you).
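
One way to turn such an export into block lists, as an added example that is not part of the thread: it validates and de-duplicates the entries and refuses to publish internal or allowlisted values, so a bad incident cannot make the firewalls block your own network. The `EntityType`/`Value` fields, the allowlisted host and the one-entry-per-line output are assumptions; the sample rows are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample of what the Logic App export might contain (hypothetical shape).
SAMPLE_EXPORT = json.dumps([
    {"IncidentNumber": 101, "EntityType": "ip", "Value": "203.0.113.45"},
    {"IncidentNumber": 101, "EntityType": "ip", "Value": "10.1.2.3"},      # internal host
    {"IncidentNumber": 102, "EntityType": "ip", "Value": "203.0.113.45"},  # duplicate
    {"IncidentNumber": 103, "EntityType": "ip", "Value": "not-an-ip"},     # malformed
    {"IncidentNumber": 104, "EntityType": "url", "Value": "http://bad.example.net/login?x=1"},
    {"IncidentNumber": 105, "EntityType": "url", "Value": "https://portal.corp.example/a"},
    {"IncidentNumber": 106, "EntityType": "ip", "Value": "198.51.100.7"},
])

# Ranges that must never reach a block list: RFC 1918, loopback, link-local.
NEVER_BLOCK_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
NEVER_BLOCK_HOSTS = {"portal.corp.example"}  # hypothetical allowlist of own services

def build_feeds(export_json, never_block_hosts=NEVER_BLOCK_HOSTS):
    """Return (ip_feed, host_feed, skipped); feeds are newline-separated text."""
    ips, hosts, skipped = set(), set(), []
    for row in json.loads(export_json):
        kind, value = row.get("EntityType"), str(row.get("Value", "")).strip()
        if kind == "ip":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                skipped.append((value, "invalid ip"))
                continue
            if any(addr in net for net in NEVER_BLOCK_NETS):
                skipped.append((value, "internal range"))
                continue
            ips.add(addr)
        elif kind == "url":
            host = (urlsplit(value).hostname or "").lower()
            if not host:
                skipped.append((value, "no hostname"))
            elif host in never_block_hosts:
                skipped.append((value, "allowlisted"))
            else:
                hosts.add(host)
    ip_feed = "\n".join(str(a) for a in sorted(ips, key=lambda a: (a.version, int(a))))
    return ip_feed, "\n".join(sorted(hosts)), skipped

if __name__ == "__main__":
    ip_feed, host_feed, skipped = build_feeds(SAMPLE_EXPORT)
    print(ip_feed, host_feed, skipped, sep="\n---\n")
```

The `skipped` list is worth logging or alerting on, since an internal address showing up as a block candidate usually means the incident query needs tightening.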