Integrating 3rd Party feeds in Palo Alto firewall for blocking IOC's


L0 Member

We would like to know if we can integrate 3rd-party feeds into a Palo Alto firewall to block IOCs automatically.

Generally we have seen people integrate open source threat intel with SIEM etc. with VirusTotal and IBM X-Force Exchange.

https://www.dshield.org/block.txt
https://blocklist.greensnow.co/greensnow.txt
Open source threat intel to block IOC's automatically


Cyber Elite

Hi @Majid1Khan ,

 

You can create an External Dynamic List (https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...) that points to a text file of IP addresses or subnets, domains, or URLs. These EDLs can be added as the source or destination in security rules.

 

This site translates your dshield list to the proper format -> http://opendbl.net/.  The greensnow one should work fine as is.

 

Thanks,

 

Tom

 

PS MineMeld can translate STIX feeds or more complicated formats -> https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld.  I think it will eventually be migrated to Cortex XSOAR TIM -> https://www.paloaltonetworks.com/cortex/threat-intel-management.  The 1st is free.  The 2nd is not.
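An added example, not part of the reply above and not a Palo Alto or DShield tool: a converter that turns a DShield-style list into one CIDR per line for an IP-type EDL, and refuses rows that would block networks you rely on. The tab-separated column layout, the `PROTECTED` list and the `min_prefix` threshold are assumptions to adjust for your environment.

```python
import ipaddress

# Assumed layout of a DShield-style block list: '#' comments, a header row,
# then tab-separated rows of start, end, prefix length, and other columns.
# Constructed sample (documentation address ranges), not real feed data.
SAMPLE_FEED = "\n".join([
    "# constructed sample",
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail",
    "198.51.100.0\t198.51.100.255\t24\t1200\tEXAMPLE-A\tZZ\tabuse@example.net",
    "203.0.113.0\t203.0.113.255\t24\t900\tEXAMPLE-B\tZZ\tabuse@example.org",
    "198.51.100.0\t198.51.100.255\t24\t1200\tEXAMPLE-A\tZZ\tabuse@example.net",
    "10.20.30.0\t10.20.30.255\t24\t5\tINTERNAL\tZZ\t",
    "0.0.0.0\t255.255.255.255\t0\t1\tEVERYTHING\tZZ\t",
    "not-an-ip\t\t24\t1\tBROKEN\tZZ\t",
])

# Hypothetical "never block" list: replace with your own networks.
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def feed_to_edl(text, protected=PROTECTED, min_prefix=16):
    """Return (entries, rejected): CIDR lines for the EDL, and skipped rows with a reason."""
    entries, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Start\t"):
            continue
        fields = line.split("\t")
        try:
            # Strict parsing: a start address with host bits set is rejected.
            net = ipaddress.IPv4Network(f"{fields[0]}/{fields[2]}")
        except (ValueError, IndexError):
            rejected.append((line, "unparseable"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((line, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((line, "overlaps protected network"))
        elif net not in seen:  # drop duplicates, keep feed order
            seen.add(net)
            entries.append(str(net))
    return entries, rejected

if __name__ == "__main__":
    edl, skipped = feed_to_edl(SAMPLE_FEED)
    print("\n".join(edl))
    for row, reason in skipped:
        print(f"# skipped ({reason}): {row}")
```

Serve the accepted lines as a plain text file at a URL the firewall can reach, and review the skipped rows before trusting a new feed in a block rule.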
