PaloAlto - Dynamic Block List – Part 2
In the last post I showed you how to create an awesome block list, but you may have notice a pre-built list that Palo Alto has created for us. In order to use this function, you will need a Threat Prevention Subscription to use them successfully. The pre-defined list gets updated daily by palo alto. There is a significant performance upgrade to the list. The palo alto team monitors the list daily to keep the list as accurate as possible.
Palo Alto's Pre-defined list:
In Part 1, I mentioned that we can use open source links to update our malicious IP address list. We are crossing our finger that the list does not go down and we are also relying on the website to keep them updated and as accurate as possible.
Open source links might need a bit of white-listing from time to time.
Palo Alto's Pre-defined list:
- Palo Alto Networks - Known malicious IP addresses - This list will contain IP addresses that palo alto has defined as malicious. The list is created by Unit 42 research team, WildFire reports, and gathered reports from Telemetry. Telemetry is an option that you can opt into.
- Palo Alto Networks - High risk IP addresses - This list is created by trusted third-party organizations.
In Part 1, I mentioned that we can use open source links to update our malicious IP address list. We are crossing our finger that the list does not go down and we are also relying on the website to keep them updated and as accurate as possible.
Open source links might need a bit of white-listing from time to time.
Tip:
I would use both Palo Alto’s Block List and a Public list
from my previous post. You get the best of both worlds.
But wait when does it get update?
That’s all on you buddy 😉
Go to:
Device > Dynamic Updates
You can schedule it to just download, download and install,
sync with HA, and much more.
Make sure you have it scheduled to install and you can also
click on “Release Notes” to see if any new IP’s are being added.
All updates will be different, they will add or remove IPs
from the list. In this example they added nothing ☹
Please visit by previous post to see how to configure a Dynamic Block List: