Armis automatically updates the Palo Alto Networks NGFW by adding the compromised device to anExternal Dynamic List (EDL). The EDL is hosted on the Armis virtual appliance so that it may be used in aNGFW policy to deny, drop or reset a connection.