article How to Deploy MineMeld within Azure in Featured Articles

article How to Deploy MineMeld within Azure in Featured Articles https://live.paloaltonetworks.com/t5/featured-articles/how-to-deploy-minemeld-within-azure/ta-p/235380 <DIV class="lia-message-template-content-zone"><H1><A name="_Toc527131088"></A>Introduction</H1> <P>MineMeld is an open-source tool from Palo Alto Networks to assist in threat feed aggregation and consumption. MineMeld’s “miners” are responsible for retrieving feed data on a defined basis and importing the data into MineMeld. Once imported, feeds are deduplicated and aggregated into one or more lists. After aggregation, the lists are published and ready for consumption by Palo Alto Networks firewalls. MineMeld may be run on-premise or in a public cloud. This article shows the step-by-step process for deploying MineMeld within the Azure public cloud. </P> <P> </P> <H1><A name="_Toc527131089"></A>Deploy MineMeld to Azure</H1> <H2><A name="_Toc527131090"></A>Deploy Template</H2> <P>Use the MineMeld ARM Template to deploy the required Ubuntu server into Azure.</P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/78730">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/78730</A></SPAN></P> <P> </P> <P>Click “Deploy To Azure” to get started.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture1.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17151iE5CDC9BC4FEFFD98/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture1.png" alt="Picture1.png" /></span></P> <P> </P> <P> </P> <P>After filling in the required information, select purchase to continue.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture2.png" style="width: 416px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17150i334D68395E426EC2/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture2.png" alt="Picture2.png" /></span></P> <P> </P> <P> </P> <P>Wait until the deployment is complete.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture3.png" style="width: 533px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17148i1E105C046AA4B219/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture3.png" alt="Picture3.png" /></span></P> <P> </P> <P> </P> <P>Go to the Resource Group where the server was just created.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture4.png" style="width: 539px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17149i8A31A6EA0EB964A2/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture4.png" alt="Picture4.png" /></span></P> <P> </P> <P> </P> <P>Click on the virtual machine just created.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture5.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17152iA6A1078C59AB6BBD/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture5.png" alt="Picture5.png" /></span></P> <P>Copy the DNS name so you can SSH to it.</P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture6.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17153i1FF4D0EE9645B820/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture6.png" alt="Picture6.png" /></span></P> <P> </P> <P>Open a terminal window and SSH into the instance to finish the MineMeld installation. </P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture7.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17154i2AB568D5EF7AC438/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture7.png" alt="Picture7.png" /></span></P> <P> </P> <H2><A name="_Toc527131091"></A>Begin Manual Process</H2> <P>Deploy IP Tables by copy and pasting the following commands. Answer “yes” to save IPv4/IPv6 tables.</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo apt-get update && sudo apt-get install -y iptables-persistent</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -i lo -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p tcp -m tcp --dport 13514 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -P INPUT DROP</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo iptables -P FORWARD DROP</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo bash -c "iptables-save > /etc/iptables/rules.v4"</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo ip6tables -A INPUT -i lo -j ACCEPT</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo ip6tables -P INPUT DROP</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo ip6tables -P FORWARD DROP</FONT></STRONG><BR /><STRONG><FONT face="courier new,courier" color="#99CC00"> sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"</FONT></STRONG></P> <P> </P> <P> </P> <P>You may notice the following error:</P> <P> </P> <P><FONT face="courier new,courier"><EM>GPG error: <A href="http://minemeld-updates.panw.io" target="_blank">http://minemeld-updates.panw.io</A> trusty-minemeld InRelease: The following signatures were invalid: KEYEXPIRED</EM></FONT></P> <P> </P> <P>This will be addressed in a step below.</P> <P> </P> <P>Add the MineMeld rep GPG key to the APT trusted keyring:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">wget -qO - <A href="https://minemeld-updates.panw.io/gpg.key" target="_blank">https://minemeld-updates.panw.io/gpg.key</A> | sudo apt-key add -</FONT></STRONG></P> <P> </P> <P>Double check the GPG key fingerprint (should match characters in bold):</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">apt-key adv --fingerprint DD0DA1F9</FONT></STRONG><BR /> <EM>Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.W74MaAG3pI --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --fingerprint DD0DA1F9</EM><BR /><EM> pub 4096R/DD0DA1F9 2016-07-15</EM><BR /><EM>  Key fingerprint = <STRONG>E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9</STRONG></EM><BR /><EM> uid Palo Alto Networks, MineMeld Team <minemeld@paloaltonetworks.com></EM></P> <P> </P> <P>After verifying the key, add MineMeld to the APT repository:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo add-apt-repository "deb <A href="http://minemeld-updates.panw.io/ubuntu" target="_blank">http://minemeld-updates.panw.io/ubuntu</A> trusty-minemeld main"</FONT></STRONG></P> <P> </P> <P>Perform another update. </P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo apt-get update</FONT></STRONG></P> <P> </P> <P>Install PIP:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo apt-get install python-pip</FONT></STRONG></P> <P> </P> <P>Install MineMeld:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize</FONT></STRONG></P> <P> </P> <H2><A name="_Toc527131092"></A>Downgrade PIP</H2> <P>Follow these steps to downgrade PIP to version 9.0.3. If PIP is not downgraded, you may not be able to log into the MineMeld WEB GUI after completion.</P> <P> </P> <P>Stop the MineMeld service:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo service minemeld stop</FONT></STRONG></P> <P> </P> <P>Downgrade PIP:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo -H -u minemeld /opt/minemeld/engine/current/bin/pip install pip==9.0.3</FONT></STRONG></P> <P> </P> <P>Start the MineMeld service:</P> <P> </P> <P><STRONG><FONT face="courier new,courier" color="#99CC00">sudo service minemeld start</FONT></STRONG></P> <P> </P> <H2><A name="_Toc527131093"></A>Access MineMeld</H2> <P>Using the Azure DNS name, browse to the MineMeld instance.</P> <P> </P> <P> </P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture8.png" style="width: 516px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/17155iE0AD18366572C8F4/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Picture8.png" alt="Picture8.png" /></span></P> <P> </P> <P> </P> <P>Login with the default credentials: admin / paloalto</P> <P> </P> <H1><A name="_Toc527131094"></A>References</H1> <P>Deploy Azure Template</P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/78730">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/78730</A></SPAN></P> <P> </P> <P>Manually Deploy MineMeld</P> <P><SPAN><A href="https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14-04/ta-p/98454">https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14-04/ta-p/98454</A></SPAN></P> <P> </P> <P> </P> </DIV> Mon, 15 Oct 2018 15:04:00 GMT kwall00 2018-10-15T15:04:00Z How to Deploy MineMeld within Azure https://live.paloaltonetworks.com/t5/featured-articles/how-to-deploy-minemeld-within-azure/ta-p/235380 <P>Having trouble deploying MineMeld within Azure? Even with the helpful articles existing on this subject, you may still have trouble getting it to work. This article combines all of the required steps into one place. </P> Mon, 15 Oct 2018 15:04:00 GMT https://live.paloaltonetworks.com/t5/featured-articles/how-to-deploy-minemeld-within-azure/ta-p/235380 kwall00 2018-10-15T15:04:00Z