We use minemeld and it works really well. Especially as a docker container, it just works. Add as many lists as you want and get the output aggregated without duplicates.
I'd say PA embedded dynamic lists don't reflect zero-day or even known-for-a-week malicious IP addresses.
I looked through several public IP BlackList web-sites and found practically useful this one.Just add it to Objects - EDL: http://lists.blocklist.de/lists/all.txt
Another vote of confidence for the included block lists. They've been running in the environment I previously managed for going on three years now with no negative impacts to our environment.
We use minemeld and it works really well. Especially as a docker container, it just works. Add as many lists as you want and get the output aggregated without duplicates.
I'd say PA embedded dynamic lists don't reflect zero-day or even known-for-a-week malicious IP addresses.
I looked through several public IP BlackList web-sites and found practically useful this one. Just add it to Objects - EDL: http://lists.blocklist.de/lists/all.txt
Another vote of confidence for the included block lists. They've been running in the environment I previously managed for going on three years now with no negative impacts to our environment.
yes, those are automatically updated via content updates in Device > Dynamic Updates > apps + threats
Those EDL get preloaded by default starting from 8.1
I set them up in both directions for every deployment I do and have not had any complaints so far ;) (minemeld feed is my own custom feed)