Integrating Malware Patrol’s data into a powerful security tool such as Palo Alto’s world-class firewall increases its effectiveness. The specialized insights from our threat intelligence bolster the firewall’s defenses, providing broader coverage, improved threat detection, and proactive prevention.

Malware Patrol offers five data feeds formatted for Palo Alto’s NGFW.

1. DNS-over-HTTPS (DoH) Servers: This feed gives security teams control over the use of DoH in their environment. DoH wraps DNS queries in an HTTPS request, which can disguise malicious traffic. Several malware families take advantage of this to use DoH for their C2 communications.

2. Malicious Domains: Prevent access to domains hosting malware, ransomware, phishing, cryptominers, and command and control servers (C2s) for over a hundred malware and ransomware families. Especially important, blocking C2 communication disrupts the attacker’s ability to execute malicious commands and navigate laterally within the network, essentially breaking the cyber kill chain. This enhances security teams’ chances of mitigating the impact of an attack and minimizing potential damage.

3. Malicious IPs: Provides a first line of defense against threats for which signature-based indicators may not yet be available. The broad coverage of IPs may also extend protection to attacks from adversaries utilizing the same infrastructure. The feed includes IPs actively hosting malicious files as well as C2 systems for malware and ransomware.

4. Malware URLs: By leveraging malicious URL feeds, security tools can block access to harmful links while still allowing legitimate services hosted on the same domain. This level of precision prevents the unnecessary blocking of popular and legitimate platforms, such as Dropbox or Google Drive, where malicious content is frequently hosted.

5. Scam Domains: Unlike other cyber threats that may rely on known patterns or malicious code, scams often leverage social engineering and psychological manipulation to deceive victims. That makes them hard to detect with conventional automated systems. This feed fills in the gaps for threat intellligence’s “gray area” with ScamAdviser’s extensive database covering online shopping, investment and crypto, identity theft, advance fees, employment, romance, subscriptions and other types of scams.

Palo Alto Firewall Configuration Guides

Our written guide is available here.

Pre-integration: Create website certificate profiles required for EDLs

Integrate Malware Patrol’s Malicious IPs Feed

Integrate Malware Patrol’s Malicious Domains Feed

Integrate Malware Patrol’s Malware and Ransomware URLs feed


Palo Alto Networks NGFW features:

“Quickly and accurately profile any IoT device to reveal its type, vendor, model, firmware and more while using cloud scale to compare device usage, validate profiles and fine-tune models so devices don’t go unmanaged.

With zero-delay signatures, every internet-connected NGFW in a network is updated within single-digit seconds of an analysis, ensuring the first user to see a threat is the only user to see that threat.

Use AIOps to deliver high ROI — improve your security posture without adding staff or buying new equipment, and avoid costly outages by predicting firewall health.”