With an active Threat Prevention license, Palo Alto Networks provides built-in IP
address EDLs that you can use to protect against malicious hosts.
Where Can I Use This?
NGFW (Cloud Managed)
NGFW (PAN-OS & Panorama Managed)
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access (Managed by Panorama)

What Do I Need?
Check for any license or role requirements for the products you're using.

Palo Alto Networks Bulletproof IP Addresses—Contains IP addresses provided
by bulletproof hosting providers. Because bulletproof hosting providers place
few, if any, restrictions on content, attackers frequently use these services to
host and distribute malicious, illegal, and unethical material.
Palo Alto Networks High-Risk IP Addresses—Contains malicious IP addresses
from threat advisories issued by trusted third-party organizations. Palo Alto
Networks compiles the list of threat advisories, but does not have direct
evidence of the maliciousness of the IP addresses.
Palo Alto Networks Known Malicious IP Addresses—Contains IP addresses that
are verified malicious based on WildFire analysis, Unit 42 research, and data
gathered from telemetry (share threat intelligence with Palo Alto
Networks). Attackers use these IP addresses almost exclusively to
distribute malware, initiate command-and-control activity, and launch
attacks.
Palo Alto Networks Tor Exit IP Addresses—Contains IP addresses supplied by
multiple providers and validated with Palo Alto Networks threat intelligence
data as active Tor exit nodes. Traffic from Tor exit nodes can serve a
legitimate purpose; however, it is disproportionately associated with malicious
activity, especially in enterprise environments.
Your configuration receives updates for these feeds in content updates, allowing it
to automatically enforce policy based on the latest threat intelligence from Palo Alto
Networks. You cannot modify the contents of the built-in lists. Use them as-is (see
Enforce Policy on an External Dynamic List), or create a custom external dynamic list
that uses one of the lists as a source (see Configure Your Environment to Access an
External Dynamic List) and exclude entries from the list as needed.