Maintain a webserver, file or list with a set domains which are deemed suspicious, malicious, or benign which solutions can utilize. Solutions can retrieve this list of domains on an interval. Many solutions require a specific format which the data will be structured in, so the display of the data should be able to change based on the solution utilizing the list. Some solutions also provide access for blocking specific URL paths.
Many host based and network firewalls may also have a dedicated rule that can be updated with domain addresses, blocking access early in the rulebase.
Request URLs to be added to Zscaler Allowlist | Story Library | Tines
Block scanning IPs with Palo Alto external dynamic list | Library | Tines
Crowdstrike Firewall Domain Blocking | Library | Tines
Query GreyNoise for CVEs and update blocklist | Library | Tines
PAN-OS and EDLs - Everything You Wanted to Know about External Dynamic Lists