What commands can be used to find associated IP addresses within the EDL
9066
Created On 01/19/22 19:32 PM - Last Modified 01/24/24 21:24 PM
Question
How to find the EDLs (predefined or custom or third-party) that contain the specific IP?
Environment
- PAN-OS 8.1 and above
- Palo Alto Firewall
- External Dynamic List (EDL)
Answer
The command "request system external-list global-find string <ip or a part of IP>" can be used to find the related EDLs belonging to the IP.
Examples:
- To find the the name of EDL for a specific IP address.
>request system external-list global-find string 5.2.79.187
/config/predefined/ip-block-list-v2/entry[@name='panw-torexit-ip-list']
The IP 5.2.79.187 is included in the "Palo Alto Networks Tor Exit IP Addresses".
- Providing a part of IP address will also list the associated EDLs
>request system external-list global-find string 5.2.6.
/config/predefined/ip-block-list-v2/entry[@name='panw-highrisk-ip-list']
/config/predefined/ip-block-list-v2/entry[@name='panw-torexit-ip-list']
/config/predefined/ip-block-list-v2/entry[@name='panw-known-ip-list']
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/external-list/entry[@name='EDL_Test']Additional Information
How to view the EDL Palo Alto Networks - Known malicious IP Addresses, High Risk IP Addresses, Bulletproof IP Addresses.