<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Submit IP to known malicious IP or High Risk IP in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/490909#M104930</link>
    <description>&lt;P&gt;Hello,&lt;/P&gt;
&lt;P&gt;I'm sure you can open a ticket and enter all of your evidence. What I do is just set up my telemetry to send to PAN so they make the calls that way. Since your PAN should be blocking it, honestly playing IP whack-a-mole is tough and not really worth the effort. Submit a ticket to the owner abuse email address?&lt;/P&gt;
&lt;P&gt;Regards,&lt;/P&gt;</description>
    <pubDate>Tue, 24 May 2022 19:11:02 GMT</pubDate>
    <dc:creator>OtakarKlier</dc:creator>
    <dc:date>2022-05-24T19:11:02Z</dc:date>
    <item>
      <title>Submit IP to known malicious IP or High Risk IP</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/490835#M104922</link>
      <description>&lt;P&gt;Can an IP be submitted to Palo Alto to be included in the high-risk or known-malicious IP address lists? We have an IP that has been discovered to be a major DDOS attack BOT coordination point, but it's not listed in PAN's threat vault and is not being blocked by our IP list block rules. Talos and other sites list this as a high risk IP, but I'm not seeing any way to get it on PAN's list short of trying to deliver some questionable traffic to the IP and hope that Wildfire picks it up.&lt;/P&gt;</description>
      <pubDate>Tue, 24 May 2022 17:28:11 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/490835#M104922</guid>
      <dc:creator>JoshuaSanders</dc:creator>
      <dc:date>2022-05-24T17:28:11Z</dc:date>
    </item>
    <item>
      <title>Re: Submit IP to known malicious IP or High Risk IP</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/490909#M104930</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;
&lt;P&gt;I'm sure you can open a ticket and enter all of your evidence. What I do is just set up my telemetry to send to PAN so they make the calls that way. Since your PAN should be blocking it, honestly playing IP whack-a-mole is tough and not really worth the effort. Submit a ticket to the owner abuse email address?&lt;/P&gt;
&lt;P&gt;Regards,&lt;/P&gt;</description>
      <pubDate>Tue, 24 May 2022 19:11:02 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/490909#M104930</guid>
      <dc:creator>OtakarKlier</dc:creator>
      <dc:date>2022-05-24T19:11:02Z</dc:date>
    </item>
    <item>
      <title>Re: Submit IP to known malicious IP or High Risk IP</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/503637#M105444</link>
      <description>&lt;P&gt;How are you sending your telemetry to PAN?&lt;/P&gt;</description>
      <pubDate>Tue, 14 Jun 2022 18:01:26 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/503637#M105444</guid>
      <dc:creator>JoshuaSanders</dc:creator>
      <dc:date>2022-06-14T18:01:26Z</dc:date>
    </item>
    <item>
      <title>Re: Submit IP to known malicious IP or High Risk IP</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/503695#M105448</link>
      <description>&lt;P&gt;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/131761"&gt;@JoshuaSanders&lt;/a&gt;,&lt;/P&gt;
&lt;P&gt;There's not a process for customers to request an IP get added to either of these lists. I'd recommend setting up something that you can easily feed into the firewall for manual IP blocking in cases like this. That can be a manual blacklist entry that you manually update, or you could set up an EDL that can be dynamically updated on a schedule on the firewall so you aren't having to commit just to block an address.&lt;/P&gt;
&lt;P&gt;As for sending telemetry to the firewall, you can review the documentation on that &lt;A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/share-threat-intelligence-with-palo-alto-networks/enable-telemetry" target="_self"&gt;HERE&lt;/A&gt;.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 15 Jun 2022 02:31:04 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/503695#M105448</guid>
      <dc:creator>BPry</dc:creator>
      <dc:date>2022-06-15T02:31:04Z</dc:date>
    </item>
    <item>
      <title>Re: Submit IP to known malicious IP or High Risk IP</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/585001#M116799</link>
      <description>&lt;P&gt;I found an IP in our logs that has been scanning our network lately. I do not see the IP address in any of the PA Predefined External Dynamic Lists (i.e. Tor Exit IP Address, Bulletproof IP, etc.). However, I do see it on&amp;nbsp;&lt;A href="https://www.abuseipdb.com/" target="_blank"&gt;https://www.abuseipdb.com/&lt;/A&gt;&amp;nbsp;as a repeat offender.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Any suggestions on what URL I could use to pull this IP address?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 26 Apr 2024 01:39:16 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/submit-ip-to-known-malicious-ip-or-high-risk-ip/m-p/585001#M116799</guid>
      <dc:creator>Tim_Stephens</dc:creator>
      <dc:date>2024-04-26T01:39:16Z</dc:date>
    </item>
  </channel>
</rss>

