7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists

Information

Create a pair of security rules at the top of the security policies ruleset to block traffic to and from IP addresses known to be malicious.

Rationale:

Creating rules that block traffic to/from known malicious sites from Trusted Threat Intelligence Sources protects you against IP addresses that Palo Alto Networks has proven to be used almost exclusively to distribute malware, initiate command-and-control activity, and launch attacks.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Navigate to Policies > Security.

Create a Security Policy with:
  Name set to 'Deny to Malicious IP'
  Source: Zone set to Any, Address set to Any
  Destination: Zone set to Any, Address set to "Palo Alto Networks - Known malicious IP addresses"
  Application set to Any
  Service set to Any
  Action set to Block
  Profile set to None

Create a Security Policy with:
  Name set to 'Deny From Malicious IP'
  Source: Zone set to Any, Address set to "Palo Alto Networks - Known malicious IP addresses"
  Destination: Zone set to Any, Address set to Any
  Application set to Any
  Service set to Any
  Action set to Block
  Profile set to None

Default Value:
Not Configured
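
One way to check the two rules above offline, as an added example that is not part of the benchmark or of the Nessus plugin: the Python below audits an exported security rulebase and reports a missing, disabled, non-blocking or misplaced rule. It assumes the input is the <rules> element of the XML configuration, that the predefined list appears there as panw-known-ip-list, and that "Block" corresponds to the action deny or drop; the rule() helper and the sample data are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: the list shown in the UI as "Palo Alto Networks - Known malicious
# IP addresses" is referenced in the exported XML as panw-known-ip-list.
MALICIOUS_EDL = "panw-known-ip-list"
BLOCKING_ACTIONS = {"deny", "drop"}  # assumption: either one counts as "Block"

def rule(name, src, dst, action):
    """Build one constructed <entry> in the shape of an exported security rule."""
    fields = [("from", "any"), ("to", "any"), ("source", src),
              ("destination", dst), ("application", "any"), ("service", "any")]
    body = "".join(f"<{t}><member>{v}</member></{t}>" for t, v in fields)
    return f'<entry name="{name}">{body}<action>{action}</action></entry>'

def members(entry, tag):
    return {m.text for m in entry.findall(f"{tag}/member")}

def is_block(entry, src, dst):
    """True if an enabled rule blocks any zone/application/service for src -> dst."""
    return (entry.findtext("action") in BLOCKING_ACTIONS
            and entry.findtext("disabled") != "yes"
            and members(entry, "source") == src
            and members(entry, "destination") == dst
            and all(members(entry, t) == {"any"}
                    for t in ("from", "to", "application", "service")))

def audit(xml_text):
    """Return a list of findings; an empty list means both rules lead the rulebase."""
    rules = ET.fromstring(xml_text).findall("entry")
    checks = {"to": ({"any"}, {MALICIOUS_EDL}), "from": ({MALICIOUS_EDL}, {"any"})}
    findings = []
    for direction, (src, dst) in checks.items():
        idx = next((i for i, r in enumerate(rules) if is_block(r, src, dst)), None)
        if idx is None:
            findings.append(f"no enabled rule blocking traffic {direction} {MALICIOUS_EDL}")
        elif idx > 1:  # the pair must occupy the first two positions
            findings.append(f"rule {rules[idx].get('name')!r} is at position "
                            f"{idx + 1}, not in the top pair")
    return findings

# Constructed sample: the inbound deny rule sits below an allow rule.
SAMPLE = ("<rules>" + rule("Deny to Malicious IP", "any", MALICIOUS_EDL, "deny")
          + rule("Allow Web", "any", "any", "allow")
          + rule("Deny From Malicious IP", MALICIOUS_EDL, "any", "deny") + "</rules>")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```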

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-6b., 800-53|SC-7, 800-53|SI-3, CSCv7|7, CSCv7|8, CSCv7|12

Plugin: Palo_Alto

Control ID: 25e7a57a415c0ff3f04e6704904b5e5679d0a87b2ee21bc0da5bf95cbc63cd00