XDR - Restore URLs
Details
This workflow consumes one or more URLs and attempts to restore them. URLs can only be restored using this workflow if they were contained using the corresponding containment playbook. Currently supported products include: Cisco Secure Access, Cisco Umbrella, Cisco XDR (intelligence feeds).
Targets: Automation APIs, Private Intelligence API, Cisco Secure Access, Umbrella
Steps:
- Check how the workflow was started (if not a playbook task, end the workflow)
- Get a list of targets and extract the supported integrations
- Check if there are supported integrations (if not, end the workflow)
- For each integration:
  - Complete setup as needed depending on the integration
- For each URL:
  - For each integration:
    - Attempt to unblock the URL in the given integration
      Note: This will reverse all prior blocks, including those made outside the context of the response to this incident
  - Check if the URL was unblocked in at least one product (if not, update the workflow results)
About
Integration
Authorship
Cisco Managed