External Dynamic List

🔍 What is an External Dynamic List?

An External Dynamic List (EDL) is a customizable, dynamic threat feed designed to provide security devices (like firewalls, SIEMs, or endpoint tools) with up-to-date Indicators of Compromise (IOCs), such as IPs, domains, and URLs. Our platform allows users to bring their own threat lists, apply custom exclusion rules, and generate user-specific EDLs that are accessible via URL.

🌟 Key Features

Bring Your Own IOC Lists
Custom List Combination
Exclusion Logic
No Authentication Required

⚙️ How to Create & Export an EDL

📍 Step-by-Step Instructions

Navigate to:
Profile → Manage Organization → Manage Blocklist
Click on "Generate New File"
Have a name to your EDL
Enter the details of IP address who can view this EDL.
Choose one or more existing lists from "Select Lists for Blocklist".
Apply optional exclusion filters:
- Ignore items from your organization’s whitelist
- Exclude specific IP ranges
Save the list and copy the generated EDL link for External Integretion.

👁️ Visibility and Sharing

Viewable via allowed IP A user can only view or retrieve the EDL if their public IP address is explicitly allowed in the EDL configuration.
Easily Shareable
Share your EDL link with security appliances, SOC teams, or partner systems to automatically ingest and enforce IOC.
No Sign-In Required for Access
The EDL link is public (though unlisted), allowing seamless integration with firewalls or threat detection tools that cannot use authentication headers or tokens.