Configure and manage your external dynamic lists in Cortex XSIAM.
An External Dynamic List (EDL) is a hosted text file. In Cortex XSIAM, you can configure an EDL to share a list of Cortex XSIAM indicators with other products in your network, such as a firewall. For example, your Palo Alto Networks firewall can add IP address and domain data from the EDL to block or allow lists.
Cortex XSIAM hosts two external dynamic lists you can configure and manage.
IP Addresses EDL
Domain Names EDL
Note
To configure an EDL, you must have a role that includes EDL permissions, such as Instance Admin or Account Admin.
Configuring custom certificates or private API Keys in the EDL integration instance is supported only on engines, not on the Cortex XSIAM server.
For EDL integrations on the server, you must set a username and password. For long running integrations running on an engine, we strongly recommend setting a username and password, but it is not required.
You can set credentials for all EDL integrations or for a specific integration instance. If you set a username and password in an EDL integration instance, only those credentials are accepted and the username and password you set in the Cortex XSIAM do not work.
You can set up Cortex XSIAM to export internal data to an EDL using an EDL integration installed either on the Cortex XSIAM tenant or on an engine.
Note
The legacy external dynamic list PAN-OS integration is deprecated. Configure the EDL integration by clicking the Automation & Feed Integration link.