(Optional) Edit the security tag name for Palo Alto Networks Next-Generation Firewall

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 2 min. de leitura

    • If the Display tag check box is selected when you create the External Dynamic List (EDL) record, you can edit the tag names and colors of the security tags. Security tags help you track observables that are already blocked.

    Antes de Iniciar

    Role required: sn_si.admin

    Por Que e Quando Desempenhar Esta Tarefa

    Security tags help you quickly identify which security incidents have observables on a block list. Tags also help you identify whether an observable is already blocked, or, if it has been removed from an EDL. By default, the color of the security tag is black for block list entries and gray for allow list entries. You can change the names and colors of the tags to help you recognize certain tags more easily.

    Procedimento

    1. Navigate to All > Palo Alto Networks NGFW Integration > Firewall EDL Configuration.
      Select Firewall EDL Configuration.
    2. Click an item in the Name column to open it
      The EDL record is displayed. By default, the security tag name is the same value you entered in the Name field of the EDL when you created it. By default, the name also includes an EDL prefix, for example, EDL – Malware Malicious URLs.
      Security tag name in the EDL tag for observables field.
    3. Click the information icon (Information icon) next to EDL tag for observables then Open record.
      Open the EDL tag for observables record.
      The Security Tag Form is displayed.
      Security tag form.
    4. In the Name field, modify the security tag name and click Update.
      The updated EDL record is displayed with the modified tag name. In the following example, Outbound has been added to the tag name. Keep the EDL prefix in your new tag name to help you identify the tag is associated with the Palo Alto Networks Next-Generation Firewall integration.
      New security tag name in EDL tag for observables field.

      The security tags are displayed for each observable type (IP, URL, Domain) on the Security Incident record and the Observable record each time that observable is added to an EDL.

      Security Incident record with security tag.

      If an observable has already been added to an EDL, and a security tag is displayed on a security incident for this observable, the EDL security tag also is displayed automatically on any subsequent security incident records that are created. This duplication tells you that the observable is already on a block list. You do not need to add this observable and re-block it.

      When an observable is no longer blocked, a security tag is not displayed on the security incident record or the observable record. In this instance, no security tag indicates that the expiration date of the observable may have passed, or the observable has been deactivated from an EDL.