Splunk SOAR

How to block incoming traffic (source ip at FW policy) with phantom check point/ fortinet apps?

stevenaung
New Member

Hi all,

I was testing out phanom to contain malicious IPs with my perimeter FWs.
The problem is that it only block as destination IP at FW and i didn't see any parameter to define whether I want to block as destination or source or both.
I believe FW API supports this functionality but somehow it is missing.
Any thoughts on this?

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...

The Visibility Gap: Hybrid Networks and IT Services

The most forward thinking enterprises among us see their network as much more than infrastructure – it's their ...

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...