03-07-2023 12:00 PM
We would like to know if we can integrate 3rd-party feeds in a Palo Alto firewall for blocking IOCs automatically.
Generally we have seen people integrate open source threat intel with SIEM etc., with VirusTotal and IBM X-Force Exchange.
https://www.dshield.org/block.txt
https://blocklist.greensnow.co/greensnow.txt
Open source threat intel to block IOCs automatically
03-07-2023 12:29 PM - edited 03-07-2023 12:32 PM
Hi @Majid1Khan ,
You can create an External Dynamic List https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol... that points to a text file of IP addresses or subnets, domains, or URLs. These EDLs can be added to source or destinations in security rules.
This site translates your dshield list to the proper format -> http://opendbl.net/. The greensnow one should work fine as is.
Thanks,
Tom
PS MineMeld can translate STIX feeds or more complicated formats -> https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld. I think it will eventually be migrated to Cortex XSOAR TIM -> https://www.paloaltonetworks.com/cortex/threat-intel-management. The 1st is free. The 2nd is not.
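The format translation mentioned in the reply above can also be done locally before hosting the file for an EDL. The following is an added example, not code from the thread or from Palo Alto Networks: it assumes the DShield list is tab-separated with Start, End and Netmask as the first three columns, uses a constructed sample feed, and the `PROTECTED` list is a hypothetical set of ranges that should never end up in a block rule.

```python
import ipaddress

# Hypothetical ranges that must never be blocked (extend with your own space).
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in the assumed DShield block.txt layout; addresses are
# documentation ranges plus deliberately bad rows.
SAMPLE_FEED = (
    "# DShield-style block list (constructed sample)\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "203.0.113.0\t203.0.113.127\t25\t1500\tEXAMPLE-A\tZZ\tabuse@example.com\n"
    "203.0.113.128\t203.0.113.255\t25\t900\tEXAMPLE-A\tZZ\tabuse@example.com\n"
    "192.0.2.0\t192.0.2.255\t24\t700\tEXAMPLE-B\tZZ\t\n"
    "10.0.0.0\t10.0.0.255\t24\t10\tINTERNAL\tZZ\t\n"
    "not-an-ip\tx\t24\t1\tBROKEN\tZZ\t\n"
    "198.51.100.0\t198.51.100.255\t99\t1\tBADMASK\tZZ\t\n"
)

def dshield_to_edl(text):
    """Return (edl_lines, rejected_rows): one CIDR per line for an IP EDL."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and the column header row.
        if not line or line.startswith("#") or line.startswith("Start"):
            continue
        fields = line.split("\t")
        try:
            # strict=True rejects rows whose start address has host bits set.
            net = ipaddress.IPv4Network(f"{fields[0]}/{fields[2]}", strict=True)
        except (IndexError, ValueError):
            rejected.append(raw)  # malformed address, mask or row
            continue
        if any(net.overlaps(p) for p in PROTECTED):
            rejected.append(raw)  # feed entry would block protected space
            continue
        nets.append(net)
    # Merge adjacent/duplicate subnets to keep the list small and sorted.
    merged = ipaddress.collapse_addresses(nets)
    return [str(n) for n in merged], rejected

if __name__ == "__main__":
    edl, rejected = dshield_to_edl(SAMPLE_FEED)
    print("\n".join(edl))
    print(f"rejected {len(rejected)} row(s)")
```

Rejected rows are worth logging and reviewing, since a third-party feed that suddenly lists internal or malformed ranges is a sign the source should not be trusted blindly in a block rule.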