The Palo Alto Threat Vault CDF enables users to ingest IP addresses from Palo Alto’s External Dynamic Lists (EDLs) via the Threat Vault API.

The integration provides the following feed:

• Palo Alto Threat Vault – retrieves and parses IP address data from Palo Alto Threat Vault EDLs.

The integration ingests the following indicator types:

• IP Address
• CIDR Block

Note: This integration supports both individual IP addresses and CIDR ranges from multiple list types.