An approval process for External Dynamic List (EDL) entries is part of the
preconfigured workflow. You approve EDL entries before the entries are activated on EDLs.
Once you approve the EDL entry, the firewall retrieves the entry, and your observable is
blocked from that point forward.
Before you begin
Role required: Approval for EDL entries is assigned to sn_si.admin by default, but
this authority can be assigned as required by your organization. In the following
example, the ServiceNow AI Platform admin
has approval authority.
About this task
When the approval process is enabled, an EDL entry is not
activated or deactivated on the EDL until it is approved.
Procedure
Navigate to All > Palo Alto Networks NGFW Integration > Firewall EDL Entries and open the EDL record.
On the EDL record, scroll to the Approval Requests section.
Note:
If you have Tabbed forms selected in System Settings, the section appears
as a tab on the record.
In Approval requests, click an item in the State column
to open it.
The approval record is displayed.
Choose one option for approving the EDL entry.
Option: Approve
Description: On the entry record, the Status field changes to Added, and the Active check box is selected. The Deactivate button is displayed and active. Work notes show that the request for the EDL entry has been approved.

Option: Reject
Description: On the entry record, the Status field changes to Rejected, and the Active check box is cleared, indicating the entry is not blocked on the firewall. Work notes show that the request for the EDL entry has been rejected.
After you have approved the EDL entry and it is activated, the Palo Alto Networks Next-Generation Firewall retrieves the EDL entry after the next retrieval interval. After the entry is
retrieved, the observable is blocked from that point forward. In the following
figure, note that the Active check box is selected, the status is Added, and the
work notes indicate that the request has been approved.
After the EDL entry is approved and activated, the security incident
record is marked with a security tag. The tag is displayed at the top of the
record.
The security tag is also displayed on the observable record.