Palo EDL list - some malicious IPs not included


L0 Member

Hi,

 

Just want to make sure I understand Palo's EDLs correctly: a client has a query about 3 IP addresses that are not included in Palo's EDL, but are picked up as malicious via VirusTotal and MXToolbox:

138.199.15.177

179.43.149.114

45.148.10.237

 

The client wants to know why these specific IPs are not present in the EDLs and wants Palo to investigate these IPs to have them included. According to my understanding, the EDLs are updated via 3rd party vendors, not Palo themselves. That said, these IPs are not well-known for being malicious; even other major vendors like Forti do not categorise these as malicious yet.

 

Is this correct, or is there a way to engage with Palo to review these IPs and have them included in the Palo EDLs?

Thanks

2 REPLIES

Community Team Member

Hi @R.Bester ,

 

If an IP isn’t included in an EDL, it likely just hasn’t met the criteria for inclusion by the list’s owner, whether it is from PAN or a third party.

Do you know which specific EDL you’re referring to and who manages it? If it’s one of Palo’s predefined EDLs, you can open a support ticket to raise the concern and request a review of those IPs.

 

That said, if you’ve already found strong evidence that certain IPs are malicious, you don’t have to wait. You can easily create and host your own custom EDL that you can reference in your security policy.

 

EDLs are great to supplement your threat detection, but they shouldn't be the only layer of defense when you come across IPs/domains you would like to block. 

LIVEcommunity team member
Stay Secure,
Jay
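
An added example (not from the thread and not Palo Alto Networks code) of preparing the list file for the custom EDL suggested in the reply above: it validates candidate IPv4 entries, refuses anything that overlaps private or operator-protected ranges, deduplicates, and emits one entry per line. The one-entry-per-line text format, the `build_edl` name, the `allowlist` parameter and the extra sample entries are assumptions.

```python
import ipaddress

# Ranges that must never reach a block list: a typo or a bad report here
# would cut off internal traffic once the firewall pulls the list.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]

def build_edl(candidates, allowlist=()):
    """Return (edl_text, rejected) for raw IPv4 address/CIDR strings.

    allowlist is a hypothetical parameter: extra networks the operator
    never wants blocked (partners, monitoring, own public ranges).
    """
    protected = NEVER_BLOCK + [ipaddress.IPv4Network(a) for a in allowlist]
    accepted, rejected = [], []
    for raw in candidates:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and analyst notes in the input
        try:
            net = ipaddress.IPv4Network(entry)  # strict: host bits must be 0
        except ValueError:
            rejected.append((entry, "not a valid IPv4 address or CIDR"))
            continue
        if any(net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps a protected range"))
            continue
        accepted.append(net)
    # collapse_addresses sorts, drops duplicates and merges adjacent networks.
    merged = ipaddress.collapse_addresses(accepted)
    lines = [str(n.network_address) if n.prefixlen == 32 else str(n)
             for n in merged]
    return "".join(line + "\n" for line in lines), rejected

# Constructed input: the three addresses from the question plus a duplicate,
# a private address and a malformed entry to show the rejections.
SAMPLE = ["138.199.15.177", "179.43.149.114", "45.148.10.237",
          "45.148.10.237", "192.168.1.10", "999.1.1.1"]

if __name__ == "__main__":
    text, rejected = build_edl(SAMPLE)
    print(text, end="")
    for entry, reason in rejected:
        print(f"rejected {entry}: {reason}")
```

Reviewing the rejected entries before publishing the file keeps a mistyped or internal address from silently disappearing from, or being added to, the block list.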

L0 Member

Thanks for the reply Jay, I assume it's going to be a TAC case if I want to put in a request for Palo to review the IPs? Or is there an alternative method to create a 'Threat case'?
