Help Center/ SecMaster/ User Guide/ Playbook Overview/ Synchronizing WAF Blacklisted IP Addresses to Indicators (WAF synchronizes black IP addresses to intelligence)
Updated on 2026-02-06 GMT+08:00
View PDF
Share

Synchronizing WAF Blacklisted IP Addresses to Indicators (WAF synchronizes black IP addresses to intelligence)

Playbook Overview

The WAF synchronizes black IP addresses to intelligence playbook synchronizes blacklisted IP addresses in WAF to SecMaster Indicators module and automatically generates the corresponding indicators.

You need to manually enable this playbook. This playbook takes effect immediately after the configuration is complete and is executed every other day.

Prerequisites

  • Your SecMaster professional edition is available.
  • SecMaster has obtained the WAF ReadOnlyAccess permission for the read-only permission on WAF APIs. Perform the following steps to check whether SecMaster has obtained the WAF ReadOnlyAccess permission: If the permission is not allocated, allocate it to SecMaster by referring to Authorizing SecMaster.
    1. Log in to the SecMaster console as an administrator.
    2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
    3. In the navigation pane on the left, choose Agencies. On the displayed page, click the SecMaster_Agency agency to go to the SecMaster_Agency agency page.
    4. Click the Permissions tab. If the permission list contains the WAF ReadOnlyAccess permission, SecMaster has obtained the WAF ReadOnlyAccess permission. It means SecMaster has the read-only permission for WAF APIs.
    Figure 1 Viewing agency authorization records

Procedure

In SecMaster, the initial version (V1) of the WAF synchronizes black IP addresses to intelligence workflow is enabled by default. You do not need to manually enable it. By default, the initial version (V1) of the WAF synchronizes black IP addresses to intelligence playbook is activated. You only need to enable the playbook.
  1. Log in to the SecMaster console.
  2. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
    Figure 2 Workspace management page
  3. In the navigation pane on the left, choose Security Orchestration > Playbooks.
    Figure 3 Accessing the Playbooks tab
  4. On the Playbooks page, search for the WAF synchronizes black IP addresses to intelligence playbook and click Enable in the Operation column of the playbook.
  5. In the dialog box displayed, select the initial playbook version v1 and click OK. If the Playbook Status of the WAF synchronizes black IP addresses to intelligence playbook changes to Enabled, the playbook has been enabled successfully.

Implementation Effect

If the playbook takes effect, go to the Threats > Indicators page of the target SecMaster workspace. On the Indicators page, you can view the new indicators.

Parent topic: Playbook Overview