Try in Splunk SOAR


Accepts a URL or list of URLs and block them in ZScaler. Generates a list of observables with the blocked URLs.

  • Type: Response
  • Product: Splunk SOAR
  • Apps: Zscaler
  • Last Updated: 2023-03-31
  • Author: Patrick Bareiss, Splunk
  • ID: 3e0df448-0546-4b2b-9143-365161cf40f9
  • Use-cases:
    • Phishing
    • Endpoint

Associated Detections

How To Implement

This input playbook requires the ZScaler connector to be configured. It is designed to work in conjunction with the Dynamic URL Outbound Traffic Filtering Analysis playbook or other playbooks in the same style.


ID Technique Definition Category
D3-OTF Outbound Traffic Filtering Restricting network traffic originating from any location. Network Isolation

Explore Playbook


Required field


source | version: 1