I need to create a Sentinel dynamic list

I need to create a dynamic list (IPs or bad URLs). This dynamic list should be filled automatically based on Sentinel incidents, and then I will integrate my FWs (Palo Alto & FTD) to block the contents of this dynamic list.
Is it possible to do that with Sentinel?

Best Regards

1 Reply
Yep, there are lots of ways to achieve that. I would probably start by looking at what format your firewalls need that IP information in, in order to ingest it: do they need JSON or CSV or something like that, or can you push the bad IP addresses and domains directly to the devices using an API?

If you just want your firewalls to pick up a CSV or JSON file, then you could use Logic Apps to run a KQL query that retrieves all the information from your incidents and then exports that list to a CSV/JSON file somewhere (storage account, S3, whatever makes sense for you).
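
As an added example (not part of the original reply), the export step described above can include a filter so that an automatically built list never blocks your own infrastructure. It assumes the firewalls poll a plain-text list with one entry per line; the row field names, the sample rows and the allowlisted resolver address are constructed for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample rows; the field names are assumptions, not a Sentinel schema.
SAMPLE_ROWS = json.loads("""[
 {"IncidentNumber": 101, "Severity": "High",   "Address": "203.0.113.45"},
 {"IncidentNumber": 102, "Severity": "Medium", "Address": "198.51.100.7"},
 {"IncidentNumber": 103, "Severity": "High",   "Address": "10.1.2.3"},
 {"IncidentNumber": 104, "Severity": "High",   "Address": "203.0.113.45"},
 {"IncidentNumber": 105, "Severity": "Low",    "Address": "192.0.2.200"},
 {"IncidentNumber": 106, "Severity": "High",   "Address": "not-an-ip"},
 {"IncidentNumber": 107, "Severity": "High",   "Address": "198.51.100.53"}
]""")

# Never publish these: internal ranges plus a constructed allowlist entry.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "198.51.100.53/32")]
RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

def build_blocklist(rows, min_severity="Medium", protected=PROTECTED):
    """Return (entries, rejected): unique sorted IP strings and skipped rows."""
    keep, rejected = set(), []
    for row in rows:
        raw = str(row.get("Address", "")).strip()
        if RANK.get(row.get("Severity"), -1) < RANK[min_severity]:
            rejected.append((raw, "below severity threshold"))
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if any(ip in net for net in protected):
            rejected.append((raw, "protected address"))
            continue
        keep.add(ip)  # the set removes duplicates across incidents
    ordered = sorted(keep, key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in ordered], rejected

def render(entries):
    """One entry per line, trailing newline, no header row."""
    return "".join(e + "\n" for e in entries)

if __name__ == "__main__":
    entries, rejected = build_blocklist(SAMPLE_ROWS)
    sys.stdout.write(render(entries))
    print(*(f"skipped {r!r}: {why}" for r, why in rejected), sep="\n", file=sys.stderr)
```

Keeping the rejected rows with their reasons gives you an audit trail for why an incident address did not reach the firewalls.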