Hello Guys,Our company where I am working for we want to put this on: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRvCAKIs this helpfull or handy im our company?
We use minemeld and it works really well. Especially as a docker container, it just works. Add as many lists as you want and get the output aggregated without duplicates.
I'd say PA embedded dynamic lists don't reflect zero-day or even known-for-a-week malicious IP addresses.
I looked through several public IP BlackList web-sites and found practically useful this one. Just add it to Objects - EDL: http://lists.blocklist.de/lists/all.txt
Another vote of confidence for the included block lists. They've been running in the environment I previously managed for going on three years now with no negative impacts to our environment.
yes, those are automatically updated via content updates in Device > Dynamic Updates > apps + threats
Those EDL get preloaded by default starting from 8.1
I set them up in both directions for every deployment I do and have not had any complaints so far ;) (minemeld feed is my own custom feed)