Thanks for the post; although I found it after I had experienced the same thing; however, my list did not include a *.com or *.it.
name@fw(active)> request system external-list show type ip name edl-phishing-sites vsys1/edl-phishing-sites: Next update at : Thu Dec 27 16:00:02 2018 Source : https://10.x.x.x/feeds/phishing-url?v=panosurl Referenced : Yes Valid : Yes Auth-Valid : Yes
Total valid entries : 2013 Total invalid entries : 59
Went through the entire text and did not find a string or consecutive wildcards together. Can't figure out why this would have recategorized pretty much every common domain as edl-phishing-sites. Thankfully I deny all traffic to those sites with my policy. We had a connectivity issue for about 5 minutes until I could back everything out. What a pita.
... View more
Custom URL category is configured to block phishing URLs collected from Linux MineMeld server through EDL. For some reason adding filter "?v=panosurl" (https://10.9.0.60/feeds/phishing-url?v=panosurl) to retrieve URLs in PAN-OS supported format (malware.com) is creating issue as all the websites are categorized as phishing and blocked. Using without filter ( https://10.9.0.60/feeds/phishing-url) don't work because URLs are retrieved in format (http://malware.com)
Found this live community post for similar issue https://live.paloaltonetworks.com/t5/General-Topics/Adding-v-panosurl-to-MineMeld-EDL-brought-down-our-entire/m-p/220352#M63569
What is the solution for this ?
... View more