Create Domain Exceptions and Allow | Block Lists (Strata Cloud Manager)

1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
2. Add domain overrides in cases where false-positives occur.

   1. Select ConfigurationNGFW and Prisma AccessSecurity ServicesDNS Security and select a DNS Security profile to modify.
   2. Add Override or Delete to modify the domain list entries as necessary. Each additional entry requires the domain and a description.

   3. Click OK to save your modified DNS Security profile.
3. Reference an external dynamic list (EDL) as part of your DNS Security profile to import third party threat feeds.

   1. Create an domain-based external dynamic list (ConfigurationNGFW and Prisma AccessObjectsExternal Dynamic Lists). For more information about EDLs, see External Dynamic List.
   2. Select ConfigurationNGFW and Prisma AccessSecurity ServicesDNS Security.
   3. In the External Dynamic Lists panel, select a domain list EDL and provide the Policy Action and Packet Capture settings. In Apply to Profiles, select the DNS Security profile for which you want the EDL domain list to apply to.
   4. Save your changes when you have finished making your updates.