Adding threat feeds to NGFW 850 - is there such a feature?

cancel
Showing results for 
Search instead for 
Did you mean: 

Adding threat feeds to NGFW 850 - is there such a feature?

L0 Member

Greetings,

 

New to Palo Alto Firewall 850. I am wondering if this firewall has a feature that can ingest threat feeds from MISP.

Please advise.

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello,

While I have not done this, check out MindMeld:

 

https://live.paloaltonetworks.com/t5/minemeld/ct-p/MineMeld

 

It might work for you.

 

Regards,

L0 Member

The preferred way is to leverage External Dynamic List (EDLs)

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/use-an-external-dynamic-list-in-po...

 

If the threat feeds from the MSP are formatted in a text file, there is a high probability one could just ingest them without using MindMeld (as OtakarKlier stated), but MindMeld will assist in normalizing and removing duplicates IOCs from various threat feeds. Also Cortex XSOAR also has the ability process IoC and create EDLs as well with their Threat Intel Management Module. 

https://www.paloaltonetworks.com/cortex/threat-intel-management

 

Hope this Helps.

L5 Sessionator

Minemeld can mine that data and create EDLs, among others. There is also the product "Autofocus", but that may be getting ingested into Cortex soon.

Help the community! Add tags & mark solutions please.

MISP can produce a text formatted file. I would like to know if in the firewall dashboard itself has a feature that I can define the threat source feed?

Hello,

It depends, if its an IP address or domain, then yes. But not like a SNORT rule.

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!