06-28-2021 08:23 AM
Greetings,
New to Palo Alto Firewall 850. I am wondering if this firewall has a feature that can ingest threat feeds from MISP.
Please advise.
06-29-2021 09:44 AM
Hello,
While I have not done this, check out MineMeld:
https://live.paloaltonetworks.com/t5/minemeld/ct-p/MineMeld
It might work for you.
Regards,
06-29-2021 10:54 AM
The preferred way is to leverage External Dynamic Lists (EDLs).
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/use-an-external-dynamic-list-in-po...
If the threat feeds from the MSP are formatted in a text file, there is a high probability one could just ingest them without using MineMeld (as OtakarKlier stated), but MineMeld will assist in normalizing and removing duplicate IOCs from various threat feeds. Cortex XSOAR also has the ability to process IoCs and create EDLs with its Threat Intel Management module.
https://www.paloaltonetworks.com/cortex/threat-intel-management
Hope this helps.
06-29-2021 10:56 AM
MineMeld can mine that data and create EDLs, among others. There is also the product "Autofocus", but that may be getting ingested into Cortex soon.
07-09-2021 07:42 AM
MISP can produce a text-formatted file. I would like to know if the firewall dashboard itself has a feature where I can define the threat source feed.
07-09-2021 10:18 AM
Hello,
It depends. If it's an IP address or domain, then yes. But not like a SNORT rule.
Regards,
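
An added example, not code from any poster in this thread or from Palo Alto Networks: a Python version of the normalization step the replies describe, turning a MISP attribute export into separate IP and domain text lists (one entry per line) that an EDL source can serve, while setting aside attribute types such as SNORT rules that have no EDL equivalent. The JSON layout, the sample values and the `to_ids` filter are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like a MISP attribute export (assumed layout:
# a list of objects with "type", "value" and "to_ids").
SAMPLE_MISP_ATTRIBUTES = json.dumps([
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
    {"type": "ip-src", "value": "203.0.113.10", "to_ids": True},    # duplicate
    {"type": "ip-dst", "value": "198.51.100.0/24", "to_ids": True},
    {"type": "ip-dst", "value": "999.1.1.1", "to_ids": True},       # malformed
    {"type": "domain", "value": "Bad.Example.", "to_ids": True},
    {"type": "hostname", "value": "bad.example", "to_ids": True},   # duplicate
    {"type": "domain", "value": "benign.example", "to_ids": False},
    {"type": "snort", "value": "alert tcp any any -> any 80 (msg:\"x\";)",
     "to_ids": True},
])

IP_TYPES = {"ip-src", "ip-dst"}
DOMAIN_TYPES = {"domain", "hostname"}


def build_edls(misp_json):
    """Return (ip_lines, domain_lines, skipped) from a MISP attribute export.

    IP and domain entries go to separate lists because an EDL has one type.
    """
    ips, domains, skipped = set(), set(), []
    for attr in json.loads(misp_json):
        kind = attr.get("type")
        value = str(attr.get("value", "")).strip()
        if not attr.get("to_ids"):
            # Assumption: only attributes flagged for detection are blocked.
            skipped.append((kind, "not flagged for detection"))
        elif kind in IP_TYPES:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                skipped.append((kind, "invalid address"))
                continue
            # Single hosts are written without a prefix length.
            ips.add(str(net.network_address) if net.num_addresses == 1 else str(net))
        elif kind in DOMAIN_TYPES:
            domains.add(value.rstrip(".").lower())
        else:
            skipped.append((kind, "no matching EDL type"))
    return sorted(ips), sorted(domains), skipped


if __name__ == "__main__":
    ip_lines, domain_lines, skipped = build_edls(SAMPLE_MISP_ATTRIBUTES)
    print("\n".join(ip_lines), "\n".join(domain_lines), skipped, sep="\n---\n")
```
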