Configure EDL permissions.
EDL (External Dynamic List) enables security teams to:
Add IP Addresses and Domains to Dynamic Lists - Create lists of malicious or suspicious IPs/domains
Integrate with Palo Alto Networks Firewalls - EDL lists are automatically synced and enforceable on PANW firewalls.
Block Malicious Traffic - Firewalls can use EDL to block traffic to/from listed entities
Centralized Threat Response - Manage blocklists from a single location across your security infrastructure
For more information, see Manage external dynamic lists.
Note
This permission is for analysts to use as a response action during case investigation. The Long Running HTTP Integrations configuration (under Configurations) is for administrators to set up and manage the EDL service infrastructure. For more information, see Long-running HTTP Integrations configuration.
Permission | Description | Roles Example |
|---|---|---|
None | Nothing related to EDL, such as viewing EDL lists, adding entities to EDL, and accessing the EDL configuration. | |
View/Edit | Add new IPs and domains to EDL entries in Action Center, Causality View, Issue View, XQL Queries, Threat Intel, and playbooks. Also removing entries from EDL. | All SOC Analysts, Threat Hunters, and Security Engineers |