This workflow consumes one or more URLs and attempts to block them in all supported products. Currently supported products include: Cisco Secure Access, Cisco Umbrella, Cisco XDR (intelligence feeds).

Cisco XDR intelligence feeds can be used by other products, such as firewalls, to fetch lists of observables from XDR for use in policies.

Targets: Automation APIs, Platform APIs, Private Intelligence API, Cisco Secure Access, Umbrella

Steps:
- Check how the workflow was started (if not a playbook task, end the workflow)
- Get a list of targets and extract the supported integrations
- Check if there are supported integrations (if not, end the workflow)
- For each integration:
  - Complete setup as needed depending on the integration
- For each URL:
  - For each integration:
    - Attempt to block the URL in the given integration
    - If the new Cisco Umbrella module is not available, try the legacy one
  - Check if the URL was blocked in at least one product (if not, update the workflow results)

XDR - Contain Incident: URLs