https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319843#M81955 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132841">@johnde</a>You can simply webpage using IIS under windows server. You can refer below link to do the configuration.</P><P>&nbsp;</P><P><A href="https://www.youtube.com/watch?v=abqTcXeyst0" target="_blank">https://www.youtube.com/watch?v=abqTcXeyst0</A></P><P>&nbsp;</P><P>Once your webpage is ready, configure feed url under EDL.</P><P>&nbsp;</P><P>Hope it helps!</P><P>&nbsp;</P><P>Mayur</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Apr 2020 06:25:58 GMT SutareMayur 2020-04-01T06:25:58Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319592#M81946 <P>Hello All,</P><P>Just curious as to what additional threat feeds you use to ingest into your PAN. Here are some of the ones we use:</P><P><BR />Threat intelligence blocklists<BR /><A href="https://talosintelligence.com/documents/ip-blacklist" target="_blank">https://talosintelligence.com/documents/ip-blacklist</A><BR /><A href="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" target="_blank">http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt</A><BR /><A href="http://panwdbl.appspot.com/" target="_blank">http://panwdbl.appspot.com/</A><BR /><A href="http://www.spamhaus.org/drop/drop.txt" target="_blank">http://www.spamhaus.org/drop/drop.txt</A><BR /><A href="http://www.spamhaus.org/drop/edrop.txt" target="_blank">http://www.spamhaus.org/drop/edrop.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/openbl.txt" target="_blank">http://panwdbl.appspot.com/lists/openbl.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/bruteforceblocker.txt" target="_blank">http://panwdbl.appspot.com/lists/bruteforceblocker.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/mdl.txt" target="_blank">http://panwdbl.appspot.com/lists/mdl.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/ettor.txt" target="_blank">http://panwdbl.appspot.com/lists/ettor.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/etcompromised.txt" target="_blank">http://panwdbl.appspot.com/lists/etcompromised.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/dshieldbl.txt" target="_blank">http://panwdbl.appspot.com/lists/dshieldbl.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/sslabuseiplist.txt" target="_blank">http://panwdbl.appspot.com/lists/sslabuseiplist.txt</A><BR /><A href="http://panwdbl.appspot.com/lists/zeustrackerbadips.txt" target="_blank">http://panwdbl.appspot.com/lists/zeustrackerbadips.txt</A></P><P>&nbsp;</P><P>Would love to hear all of your thoughts whether its into the PAN or SIEM or something else.&nbsp;</P><P>&nbsp;</P><P>Regards,</P> Tue, 31 Mar 2020 15:06:13 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319592#M81946 OtakarKlier 2020-03-31T15:06:13Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319604#M81949 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>,</P><P>&nbsp;</P><P>We have configured our own feed url on windows based server and added it under EDL. Whenever we find any of malicious/suspicious IP/domain, we add it under site.</P><P>&nbsp;</P><P>We haven't configured any of publically available URLs as given below. The reason being we do not have any control on it.</P><P>&nbsp;</P><P>Mayur</P> Tue, 31 Mar 2020 15:45:38 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319604#M81949 SutareMayur 2020-03-31T15:45:38Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319620#M81950 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132521">@SutareMayur</a>&nbsp;How to configure own feed url on windows server?</P> Tue, 31 Mar 2020 16:55:07 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319620#M81950 johnde 2020-03-31T16:55:07Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319843#M81955 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132841">@johnde</a>You can simply webpage using IIS under windows server. You can refer below link to do the configuration.</P><P>&nbsp;</P><P><A href="https://www.youtube.com/watch?v=abqTcXeyst0" target="_blank">https://www.youtube.com/watch?v=abqTcXeyst0</A></P><P>&nbsp;</P><P>Once your webpage is ready, configure feed url under EDL.</P><P>&nbsp;</P><P>Hope it helps!</P><P>&nbsp;</P><P>Mayur</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 01 Apr 2020 06:25:58 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319843#M81955 SutareMayur 2020-04-01T06:25:58Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319988#M81981 <P>Great, thanks Mayur.</P> Wed, 01 Apr 2020 13:23:34 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/319988#M81981 johnde 2020-04-01T13:23:34Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/320642#M82105 <P>I love firehol</P><P>&nbsp;</P><P><A href="http://iplists.firehol.org/" target="_blank">http://iplists.firehol.org/</A></P> Fri, 03 Apr 2020 19:39:29 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/320642#M82105 jasonwald 2020-04-03T19:39:29Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/359912#M88027 <P><A href="http://panwdbl.appspot.com/lists/mdl.txt" target="_blank" rel="nofollow noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer">http://panwdbl.appspot.com/lists </A></P><P>Appears to be down. Not sure if the author removed it permanently or not? If so that is a real bummer.</P> Fri, 30 Oct 2020 14:00:10 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/359912#M88027 jasonwald 2020-10-30T14:00:10Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/359925#M88036 <P>Hello,</P> <P>Just a reminder that Palo Alto has a lot of back end feeds and bots that continuously update their stack. I think that a properly configured system with regular updates and dynamic inspection is a good part of an overall security strategy.</P> <P>&nbsp;</P> <P>Regards,</P> Fri, 30 Oct 2020 16:46:08 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/359925#M88036 OtakarKlier 2020-10-30T16:46:08Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/360045#M88050 <P>same here <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Sat, 31 Oct 2020 12:09:47 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/360045#M88050 Isaaczarb 2020-10-31T12:09:47Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/475021#M103413 <P><A href="http://panwdbl.appspot.com/lists/openbl.txt" target="_blank" rel="nofollow noopener noreferrer">http://panwdbl.appspot.com/lists/openbl.txt</A>&nbsp;and other panwdbl.appspot.com URLs are now retired.&nbsp;</P><P>I'm looking for an SSL abuse list, anyone know of a vetted one?</P> Tue, 22 Mar 2022 18:30:55 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/475021#M103413 j04nMan 2022-03-22T18:30:55Z https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/475023#M103414 <P>Here's a live TOR Exit Node block list - for ingress</P><P><A href="https://www.dan.me.uk/torlist/" target="_blank">https://www.dan.me.uk/torlist/</A></P> Tue, 22 Mar 2022 18:32:43 GMT https://live.paloaltonetworks.com/t5/general-topics/where-do-you-get-additional-threat-feeds-from/m-p/475023#M103414 j04nMan 2022-03-22T18:32:43Z