MatchIPinCIDRIndicators

This Script is part of the Cortex Xpanse by Palo Alto Networks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Match provided IP address in all the Indicators of type CIDR with the provided tags (longest match).

Script Data#

Name	Description
Script Type	python3
Tags
Cortex XSOAR Version	6.0.0

Inputs#

Argument Name	Description
ip	IP Address to match.
tags	Tags to search (comma separated string).

Outputs#

Path	Description	Type
MatchingCIDRIndicator	Matching CIDR Indicator	Unknown

Script Example#

!MatchIPinCIDRIndicators ip="44.224.1.1" tags="AWS,GCP,Azure"

Context Example#

{
    "MatchingCIDRIndicator": {
        "CustomFields": {
            "region": "us-west-2",
            "service": "EC2",
            "tags": [
                "AWS",
                "AMAZON",
                "EC2"
            ]
        },
        "expiration": "2020-11-30T22:46:50.594897749Z",
        "expirationStatus": "active",
        "firstSeen": "2020-11-23T22:04:13.912289994Z",
        "id": "70575",
        "lastSeen": "2020-11-23T22:15:06.02640521Z",
        "score": 1,
        "sourceBrands": [
            "AWS Feed"
        ],
        "sourceInstances": [
            "AWS Feed_instance_1"
        ],
        "value": "44.224.0.0/11"
    }
}

Human Readable Output#

Results#
CustomFields expiration expirationStatus firstSeen id lastSeen score sourceBrands sourceInstances value
region: us-west-2
service: EC2
tags: AWS,
AMAZON,
EC2 2020-11-30T22:46:50.594897749Z active 2020-11-23T22:04:13.912289994Z 70575 2020-11-23T22:15:06.02640521Z 1 AWS Feed AWS Feed_instance_1 44.224.0.0/11