1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. AutoFocus Feeds
    5. Create Custom Feeds

    Create Custom Feeds

    To export threat intelligence data generated from AutoFocus and other Palo Alto Networks connected services, you must create custom feeds, which organize data into a specific, user-defined set that can be output into URL lists or EDLs.
    User-defined feeds can retrieve a maximum of 100,000 IPv4 indicators or 5,000 indicators of all other types, per request. As a best practice, specify a frequency in which the firewall (or any other third party consumer of threat indicators, such as a TIP or SIEM) retrieves a feed list at a corresponding rate to which the indicators are produced. If the number of indicators in a feed list exceed the rate at which they can be retrieved, it is possible that not all of the indicators will be consumed. Alternatively, consider creating multiple feeds with more specificity to generate a manageable number of indicators per query. This allows you to better organize and control the type of threat indicators sent to an EDL or URL list.
    1. Select
      Feeds
       on the navigation pane and then select
      Create a Feed
      .
    2. Select an indicator type and search conditions to define the limits of a search and click
      Next
       to continue. Depending on the indicator type, you might have predefined values or the option to enter an exact value. You can change the scope of your indicator query by adding or removing ( )conditions. For a preview list, click
      Search
      . This displays a list based on the search conditions you have defined.
    3. Configure the custom feed details.
      You cannot create a custom feed using duplicate query conditions.
      1. Provide a
        Name
         and
        Description
        . The name and description must be at least three and ten characters in length, respectively.
      2. Select the output method:
        • URL—Provides a standard custom URL list for use with third-party applications and devices.
        • EDL—Provides an external dynamic list to be used with the Palo Alto Networks firewall.
    4. (EDL Feeds Only) Select an indicator type.
    5. (EDL Feeds Only) Specify the
      EDL Feed Authentication
       username and password.
    6. Verify that all the entries are correct and
      Save
       to continue.
    7. After the custom feed is created, a link to the object appears at the bottom of the page. Click on the
      Feed URL
       to view the results, otherwise click
      Exit
       to return to the
      Custom Feeds
       overview page.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo