Approving External Dynamic List (EDL) entries is part of the preconfiguration. You must approve EDL entries before they are activated on EDLs, so that the firewall can retrieve each entry and apply the security policy.
Before you begin
Role required: sn_sec_tisc.admin
About this task
When the approval process is enabled, an EDL entry is not activated or deactivated on the EDL until it is approved.
Procedure
1. Navigate to Workspaces > Threat Intelligence Security Center > Threat Analyst Workbench.
2. Drill down to the PAN NGFW section and select the EDL record for approval.
3. Go to My Approvals.
4. Select the EDL record(s) for approval.
5. Click Approve.
6. Under My Approval requests, click an item in the State column to open it.
7. Choose the option for approving the EDL entry.
| Option | Description |
| --- | --- |
| Approve | On the entry record, the Status field changes to Added, and the Active check box is selected. The Deactivate button is displayed and active. Work notes show that the request for the EDL entry has been approved. |
| Reject | On the entry record, the Status field changes to Rejected, and the Active check box is cleared, indicating the entry is not blocked on the firewall. Work notes show that the request for the EDL entry has been rejected. |
After you have approved the EDL entry and it is activated, the Palo Alto Networks firewall retrieves the EDL entry after the next retrieval interval. After the entry is retrieved, the observable is blocked from that point forward. In the following figure, note that the Active check box is selected, the status is Added, and the work notes indicate that the request has been approved.