https://live.paloaltonetworks.com/t5/general-topics/minemeld-automatic-updates-required-for-future-azure-public-ip/m-p/422710#M94906 <P>We have a JSON file&nbsp; from the URL below which is updated weekly:</P> <P><A href="https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" target="_blank">https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519</A></P> <P>&nbsp;</P> <P>Ideally, we would like to pull a list of IPV4 IP addresses out from the section&nbsp;&nbsp;"name": "AzureIoTHub", which needs to be converted into EDL format by MineMeld. The list of IPs can then be referenced in the security policies in Palo Alto.</P> <P>&nbsp;</P> <P>Does anyone how to set up a customised prototype in Minemeld?</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> Wed, 28 Jul 2021 16:19:46 GMT Yongjie 2021-07-28T16:19:46Z https://live.paloaltonetworks.com/t5/general-topics/minemeld-automatic-updates-required-for-future-azure-public-ip/m-p/422710#M94906 <P>We have a JSON file&nbsp; from the URL below which is updated weekly:</P> <P><A href="https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" target="_blank">https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519</A></P> <P>&nbsp;</P> <P>Ideally, we would like to pull a list of IPV4 IP addresses out from the section&nbsp;&nbsp;"name": "AzureIoTHub", which needs to be converted into EDL format by MineMeld. The list of IPs can then be referenced in the security policies in Palo Alto.</P> <P>&nbsp;</P> <P>Does anyone how to set up a customised prototype in Minemeld?</P> <P>&nbsp;</P> <P>Thanks</P> <P>&nbsp;</P> Wed, 28 Jul 2021 16:19:46 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-automatic-updates-required-for-future-azure-public-ip/m-p/422710#M94906 Yongjie 2021-07-28T16:19:46Z https://live.paloaltonetworks.com/t5/general-topics/minemeld-automatic-updates-required-for-future-azure-public-ip/m-p/427062#M94907 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/187977">@Yongjie</a> ,</P> <P>&nbsp;</P> <P>What version of MineMeld are you running?</P> <P>If you are running one of the laters you should be able to use the build-in miner Azure IPs. In previous version MineMeld was mining old URL that was not providing the what information for what service was used the IP range. But in the recent version (not sure since when) it is supporting service tag.</P> <P>&nbsp;</P> <P>- You should see azure.cloudIPsWithServiceTags miner prototype</P> <P>- You can clone it to create miner, that will mine the entire json file and filter the service you need on the output</P> <P>- Using one of the standard output prototype create new and add filter condition to accept only prefixes with service tag of your choise.</P> <P>&nbsp;</P> <P>Below is example I am using for output only Azure CosmosDB.</P> <P>&nbsp;</P> <LI-CODE lang="markup">infilters: - actions: - accept conditions: - __method == 'withdraw' name: accept withdraws - actions: - accept conditions: - type == 'IPv4' - azure_system_service == 'AzureCosmosDB' - azure_region == 'westeurope' name: accept AzureCosmosDB IPv4 - actions: - drop name: drop all store_value: true </LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>Note you can check the correct serive name from the original JSON.</P> Mon, 16 Aug 2021 13:24:59 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-automatic-updates-required-for-future-azure-public-ip/m-p/427062#M94907 aleksandar.astardzhiev 2021-08-16T13:24:59Z