A quick way to add Dynamic External Lists to your Paloalto firewall via cli is as follows.
login to your firewall via SSH.
type configure and paste the below
set external-list tor-threats type ip url http://panwdbl.appspot.com/lists/ettor.txt recurring hourly
set external-list spamhaus-drop type ip url http://panwdbl.appspot.com/lists/shdrop.txt recurring hourly
set external-list spamhaus-edrop type ip url http://panwdbl.appspot.com/lists/shedrop.txt recurring hourly
set external-list bf-blocker-rbl type ip url http://panwdbl.appspot.com/lists/bruteforceblocker.txt recurring hourly
set external-list malware-rbl type ip url http://panwdbl.appspot.com/lists/mdl.txt recurring hourly
set external-list compromised-hosts-rbl type ip url http://panwdbl.appspot.com/lists/etcompromised.txt recurring hourly
set external-list dshield-rbl type ip url http://panwdbl.appspot.com/lists/dshieldbl.txt recurring hourly
set external-list ssl-rbl type ip url http://panwdbl.appspot.com/lists/sslabuseiplist.txt recurring hourly
set external-list zeus-rbl type ip url http://panwdbl.appspot.com/lists/zeustrackerbadips.txt recurring hourly
from the UI if you look under Objects and External Dynamic lists you can see the below added to your device.
it is recommended that you create 2 security rules at the very beginning blocking all outgoing and incoming traffic to the address lists below.
after a few hours of running you can see the hit count rise as to how many attacks have been blocked by these malicious IPs