u/Traditional-Tech23 wanted to know how to auto-block IPs from threat logs with log forwarding. I didn't even know this was possible! In this video, I walk through how to do this.
Original Reddit thread: https://www.reddit.com/r/paloaltonetworks/comments/1hdg5ia/auto_blocking_ips_from_threat_logs_with_a_log/
My LinkedIn post on the attack from 1[.]1[.]1[.]1: https://www.linkedin.com/posts/cyberwes_did-anyone-else-notice-suspicious-traffic-activity-7281092623358914560-0nKC
00:00 Introduction
01:20 Configuration
11:28 Wes Yaps During Commit
13:50 Validation
15:34 One Day Later
20:32 Conclusion