Umbrella - Remove Observable from Destination List
This workflow appears in the pivot menu and allows a user to remove an observable from the configured destination list in Cisco Umbrella.
Description
This workflow appears in the pivot menu and allows a user to remove an observable from the configured destination list in Cisco Umbrella.
Note that the types of observables supported by a destination list will depend on the type of list and if it's configured for allow or block. DNS destination lists support domains (block/allow), URLs (block), and IPv4 addresses (allow). Web policy destination lists support domains, URLs, and IPv4 addresses. Depending on your configuration, you may want to remove observable types from this workflow's properties that don't apply to your use case.
Target: Umbrella
Steps:
- Loop through each page of destination lists:
- If a matching list was found, save its ID for later
- If a matching list is not found, end the workflow
- Loop through each page of destination list entries:
- If the observable we're looking for is found, attempt to remove it
- If the observable is not found and there are no more pages of entries, end the workflow
This workflow requires the following targets to be available before it can be run.
Integration targets
- Umbrella