https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556270#M112941 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/238781">@Charlie80</a>&nbsp;</P> <P>It does not necessary mean that paloalto consider it as benign, but maybe it is simply not confident enough to add it as the goal also is to have as few as possible false positives. 28% confidence on abjseIP is also not that high. In addition you will always find other sources with additional IP/URLs that are not blocked by paloalto as this company also does not know everything. Sometimes it makes sense to create such drop policies with more than just one list.</P> <P>&nbsp;</P> <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;isn't it updated with the antivirus updates as only this one is updated daily?</P> Sun, 03 Sep 2023 06:32:49 GMT Remo 2023-09-03T06:32:49Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556112#M112920 <P>Hello,</P> <P>I have a firewall rule on the Internet Firewall list this</P> <P>&nbsp;</P> <P>Source: Palo Alto Networks - High risk IP addresses - Palo Alto Networks - Known malicious IP addresses</P> <P>Destination Any</P> <P>Service Any</P> <P>Action: drop</P> <P>&nbsp;</P> <P>So if an ip inside the two EDL try to reach a Public Customer Service will be drop right?</P> <P>How is this list updated? There is a package like the Threat that I have to download with the PA scheduler?</P> <P>&nbsp;</P> <P>I found an ip that is flagged&nbsp; as <SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">malicious</SPAN></SPAN> by AbuseIPDB with the 28% of confidence.</P> <P>I check the same ip on the Internet firewall:</P> <P>&nbsp;</P> <P>request system external-list global-find string x.x.x.x</P> <P>the answer was IP not present in the list.</P> <P>&nbsp;</P> <P>So It's means that Palo Alto didn't consider this ip malicious?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 01 Sep 2023 08:52:15 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556112#M112920 Charlie80 2023-09-01T08:52:15Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556117#M112923 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/238781">@Charlie80</a>&nbsp;</P> <P>&nbsp;</P> <P>Yes, an IP within the EDL should be dropped by your policy.</P> <P>With an active <STRONG>Threat Prevention license</STRONG>, Palo Alto Networks provides multiple built-in<SPAN>&nbsp;</SPAN><SPAN class="xref"><A style="color: #fa582d;" href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/built-in-edls.html" target="external_window">dynamic IP lists that you can use to block malicious hosts</A></SPAN>. The list is updated daily.&nbsp; The download is part of the Threats dynamic update schedule.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Fri, 01 Sep 2023 10:42:47 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556117#M112923 kiwi 2023-09-01T10:42:47Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556123#M112928 <P>Thanks,</P> <P>Have you any idea regarding the last question?</P> <P>&nbsp;</P> <P>I found an ip that is flagged&nbsp; as <SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">malicious</SPAN></SPAN> by AbuseIPDB with the 28% of confidence.</P> <P>I check the same ip on the Internet firewall:</P> <P>&nbsp;</P> <P>request system external-list global-find string x.x.x.x</P> <P>the answer was IP not present in the list.</P> <P>&nbsp;</P> <P>So It's means that Palo Alto didn't consider this ip malicious?<BR /><BR /><BR /><BR /></P> Fri, 01 Sep 2023 11:46:51 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556123#M112928 Charlie80 2023-09-01T11:46:51Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556270#M112941 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/238781">@Charlie80</a>&nbsp;</P> <P>It does not necessary mean that paloalto consider it as benign, but maybe it is simply not confident enough to add it as the goal also is to have as few as possible false positives. 28% confidence on abjseIP is also not that high. In addition you will always find other sources with additional IP/URLs that are not blocked by paloalto as this company also does not know everything. Sometimes it makes sense to create such drop policies with more than just one list.</P> <P>&nbsp;</P> <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/11943">@kiwi</a>&nbsp;isn't it updated with the antivirus updates as only this one is updated daily?</P> Sun, 03 Sep 2023 06:32:49 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/556270#M112941 Remo 2023-09-03T06:32:49Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/579027#M116094 <P><SPAN>Hello Team,</SPAN><BR /><BR /><SPAN>We are not able to add Predefine EDL list into the security Policy. Please help on it.</SPAN></P> Fri, 01 Mar 2024 14:50:53 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/579027#M116094 ltinetwork 2024-03-01T14:50:53Z https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/579035#M116095 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1468775903">@ltinetwork</a>&nbsp;,</P> <P>&nbsp;</P> <P>What seems to be the problem ?&nbsp;</P> <P>&nbsp;</P> <P><SPAN><EM><STRONG>With an active Threat Prevention license</STRONG></EM>, Palo Alto Networks provides built-in IP address EDLs that you can use to protect against malicious hosts.&nbsp; You should be able to select</SPAN><SPAN>&nbsp;them as a s</SPAN>ource or destination address object in a Security Policy Rule as shown below.</P> <P><LI-WRAPPER></LI-WRAPPER></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kiwi_0-1709306974471.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58013iBA02407CFC6ABD11/image-size/large?v=v2&amp;px=999" role="button" title="kiwi_0-1709306974471.png" alt="kiwi_0-1709306974471.png" /></span></P> <P>&nbsp;</P> <P>What seems to be the problem exactly ?</P> <P>You don't see them ? Is your threat license active ?</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Fri, 01 Mar 2024 15:31:57 GMT https://live.paloaltonetworks.com/t5/general-topics/questions-about-edl/m-p/579035#M116095 kiwi 2024-03-01T15:31:57Z