topic Re: Security Based EDLs in General Topics

Security Based EDLs

Brandon_Wertz — Fri, 26 Apr 2019 13:38:52 GMT

I am trying out a PoC for Palo for a specific threat purpose. The box came with some EDLs that I didn't expect and figured I'd share here. They seem to cover a wide range of threats that would be really benefical for others to have deployed.

I'd just caution to take extra care in your production enviornment when implementing these blocks looking out for unintended consequences.

Re: Security Based EDLs

Remo — Fri, 26 Apr 2019 15:38:37 GMT

Did you find these on your 5260 PoC box? If yes, then these are probably configured by the admin that was able to play with this monster prior to you 😉

Re: Security Based EDLs

Brandon_Wertz — Fri, 26 Apr 2019 15:45:14 GMT

Yeah, they came predefined on the PoC box I'm working with. I'll probably end up integrating them into our prod environment.

Re: Security Based EDLs

OtakarKlier — Mon, 29 Apr 2019 18:14:04 GMT

Here are the ones we use. The Team-Cymru is not valid and we are removing it soon.

Re: Security Based EDLs

Brandon_Wertz — Mon, 29 Apr 2019 19:54:20 GMT

@OtakarKlier wrote:
Here are the ones we use. The Team-Cymru is not valid and we are removing it soon.

Looks like these are the same ones enabled on this 5260. I just didn't have the original URL in my screenshot as I wasn't sure where they came from and didn't know if I should share them:

Re: Security Based EDLs

OtakarKlier — Mon, 29 Apr 2019 20:33:21 GMT

They are free :).

Source on PAN support:

https://live.paloaltonetworks.com/message/54183#54183

Sans notes on this:

https://isc.sans.edu/forums/diary/Subscribing+to+the+DShield+Top+20+on+a+Palo+Alto+Networks+Firewall/19365/

Others listed on this site:

http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

http://malc0de.com/bl/IP_Blacklist.txt

http://panwdbl.appspot.com/lists/openbl.txt

http://panwdbl.appspot.com/

http://cinsscore.com/list/ci-badguys.txt