paloaltonetworks:configuration:edl

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:configuration:edl [2022/09/07 11:17] – external edit 127.0.0.1paloaltonetworks:configuration:edl [2025/05/22 10:11] (current) bstafford
Line 1: Line 1:
 ====== External Dynamic Lists ====== ====== External Dynamic Lists ======
 Palo have a public list for Microsoft Azure and Microsoft 365 [[https://docs.paloaltonetworks.com/resources/edl-hosting-service.html|here]]. Palo have a public list for Microsoft Azure and Microsoft 365 [[https://docs.paloaltonetworks.com/resources/edl-hosting-service.html|here]].
 +
 +There are other SaaS products to manage EDL
 +  * [[https://edlmanager.com/|EDL Manager]]
 +  * [[https://ipengine.io/|ipEngine]]
  
 Also, when downloading a dynamic list over SSL (HTTPS), you will need to use a certificate profile that includes the root certificate. However, some certificates are signed by two chains. Your web browser may only show one chain. You can use https://www.ssllabs.com/ssltest to show a list of both chains (assuming it is a public facing site). The ssllabs page will allow you to download the chain files. Also, when downloading a dynamic list over SSL (HTTPS), you will need to use a certificate profile that includes the root certificate. However, some certificates are signed by two chains. Your web browser may only show one chain. You can use https://www.ssllabs.com/ssltest to show a list of both chains (assuming it is a public facing site). The ssllabs page will allow you to download the chain files.
 +===== Limitations =====
 +PA-440 on PAN-OS 11.1.2-h3 - EDL Limits for downloading Infoblox Feed data to "Domain" list.
 +  * Enable "Automatically expand to include subdomains" - 967,785 items
 +  * Disable "Automatically expand to include subdomains" - 641,382 items
 +
 +=====Cron Tab=====
 +From [[https://www.reddit.com/r/paloaltonetworks/comments/x1he4n/do_you_still_use_minemeld_any_alternatives/|Reddit]]
 +
 +<code>*/10 * * * * user curl -L https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt | grep -Eo '([0-9]{1,3}.){3}[0-9]{1,3}' | grep -v '0.0.0.0' | grep -v 'your ip or first three Octets of /24' | grep -v '/127(?:.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?){3}$)|(10(?:.(25[0-5]|2[0-4][0-9]|> [01]?[0-9][0-9]?)){3}$)|(192.168(?:.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}$)|(172.(?:1[6-9]|2\d|3[0-1])(?:.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}$)' > /var/tmp/feodo_tracker_botnet_c2_ip_blocklist.txt && mv /var/tmp/feodo_tracker_botnet_c2_ip_blocklist.txt /var/www/html/block_lists/feodo_tracker_botnet_c2_ip_blocklist.txt</code>
 +
 +For lists with cidrs you would change line <code>-Eo '([0-9]{1,3}.){3}[0-9]{1,3}'</code> to <code>-Eo '([0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{2}'</code>
 +
 +This also has some checks to look for your public ip space, remove rf 1918 space and null entry 0.0.0.0.
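Review bot: In the cron entry under "Cron Tab", the final grep -v is handed a Perl-style pattern (the (?: groups, \d, and | alternation) but is run without -E or -P, so grep reads it as a basic regular expression and it will not match the loopback and RFC 1918 addresses that the closing sentence says are removed. The same pattern carries a stray "> " inside the 10.x branch and a leading "/" before 127, both of which look like paste damage from the Reddit post, and the dots in it and in the -Eo extraction pattern are unescaped, so each matches any character rather than a literal dot. Suggest repairing the pattern, escaping the dots, and running it with grep -Ev (writing [0-9] for \d and plain ( for (?:), or grep -Pv where that is available, then confirming on a sample file that a 10.x, 172.16.x and 192.168.x line is actually dropped before the list is published to /var/www/html/block_lists/. In the CIDR variant, /[0-9]{2} discards entries with a single-digit prefix such as /8; /[0-9]{1,2} would keep them. The leading "user" field means this line belongs in /etc/crontab or /etc/cron.d rather than a per-user crontab, which is worth stating, and "rf 1918" in the last sentence should read "RFC 1918".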
paloaltonetworks/configuration/edl.1662549422.txt.gz · Last modified: (external edit)