https://live.paloaltonetworks.com/t5/general-topics/minemeld-whitelist-not-working/m-p/266099#M96788 <P>I think I found a solution to this:</P><P>First of all I deleted rabbitmq, it is not necesarry anymore. After that I changed the requirements.txt(/&lt;mm dir&gt;/engine/core) file so newer versions are used:</P><P>pip&gt;=9.0.1<BR />amqp==2.5.0<BR />gevent==1.1.1<BR />greenlet==0.4.15<BR />hiredis==0.2.0<BR />PyYAML==3.11<BR />redis==2.10.6<BR />requests==2.20.0<BR />plyvel==0.9<BR />netaddr==0.7.18<BR />antlr4-python2-runtime==4.5.2<BR />jmespath==0.7.1<BR />click==4.1<BR />pan-python==0.10.0<BR />stix==1.2.0.6<BR />cybox==2.1.0.17<BR />six==1.11.0<BR />lxml==4.1.0<BR />stix-edh==1.0.1<BR />libtaxii==1.1.113<BR />pytz==2015.4<BR />certifi<BR />ujson==1.34<BR />filelock==2.0.4<BR />sleekxmpp==1.3.1<BR />beautifulsoup4==4.4.1<BR />cifsdk==2.0.0b7<BR />lz4==0.8.2<BR />networkx==1.11<BR />unicodecsv==0.14.1<BR />Werkzeug==0.12.2<BR />pyzmq==18.0.1</P><P>&nbsp;</P><P>After that cd /&lt;mm dir&gt;/engine/core &amp;&amp; /&lt;mm dir&gt;/engine/current/bin/python setup.py install.</P><P>&nbsp;</P><P>For me this seems to work on RedHat 7.6. You can remove traced logs by either mm-traced-purge --all or rm -rf /&lt;mm dir&gt;/local/traced. Restart minemeld with 'service minemeld restart'.</P><P>&nbsp;</P><P>Maybe it is a good idea to update the requirements in the git repository?</P> Tue, 04 Jun 2019 10:06:36 GMT folmer 2019-06-04T10:06:36Z https://live.paloaltonetworks.com/t5/general-topics/minemeld-whitelist-not-working/m-p/260122#M96787 <P>Hello,</P><P>&nbsp;</P><P>I have the problem that minemeld whitelists don't seem to work on our self-hosted minemeld version.</P><P>&nbsp;</P><P>I have the following setup:<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="removed miner names for privacy reasons" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/19904i0F3FFC57FB12D27C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="removed miner names for privacy reasons" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">removed miner names for privacy reasons</span></span></P><P>The wlDomeinAggregator contains a few domainnames, so they should be removed from the CEF output node.</P><P>&nbsp;</P><P>When investigating the issue I found out that no 'withdraw' event is triggered in the CEF node when a new whitelist entry is added. I am wondering why this doesn't happen. When an input miner(for example feodetrackr removes an IP) removes an IOC a 'withdraw' event is triggered for that IP.</P><P>&nbsp;</P><P>I tried different setups. I tried adding the input node(generic domain list) to the domainaggregator directly. I tried the localdb miner. Nothing seems to work.</P><P>&nbsp;</P><P>Help would be appreciated.</P><P>&nbsp;</P><P>Best regards,</P><P>&nbsp;</P><P>Folmer</P> Tue, 07 May 2019 14:24:03 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-whitelist-not-working/m-p/260122#M96787 folmer 2019-05-07T14:24:03Z https://live.paloaltonetworks.com/t5/general-topics/minemeld-whitelist-not-working/m-p/266099#M96788 <P>I think I found a solution to this:</P><P>First of all I deleted rabbitmq, it is not necesarry anymore. After that I changed the requirements.txt(/&lt;mm dir&gt;/engine/core) file so newer versions are used:</P><P>pip&gt;=9.0.1<BR />amqp==2.5.0<BR />gevent==1.1.1<BR />greenlet==0.4.15<BR />hiredis==0.2.0<BR />PyYAML==3.11<BR />redis==2.10.6<BR />requests==2.20.0<BR />plyvel==0.9<BR />netaddr==0.7.18<BR />antlr4-python2-runtime==4.5.2<BR />jmespath==0.7.1<BR />click==4.1<BR />pan-python==0.10.0<BR />stix==1.2.0.6<BR />cybox==2.1.0.17<BR />six==1.11.0<BR />lxml==4.1.0<BR />stix-edh==1.0.1<BR />libtaxii==1.1.113<BR />pytz==2015.4<BR />certifi<BR />ujson==1.34<BR />filelock==2.0.4<BR />sleekxmpp==1.3.1<BR />beautifulsoup4==4.4.1<BR />cifsdk==2.0.0b7<BR />lz4==0.8.2<BR />networkx==1.11<BR />unicodecsv==0.14.1<BR />Werkzeug==0.12.2<BR />pyzmq==18.0.1</P><P>&nbsp;</P><P>After that cd /&lt;mm dir&gt;/engine/core &amp;&amp; /&lt;mm dir&gt;/engine/current/bin/python setup.py install.</P><P>&nbsp;</P><P>For me this seems to work on RedHat 7.6. You can remove traced logs by either mm-traced-purge --all or rm -rf /&lt;mm dir&gt;/local/traced. Restart minemeld with 'service minemeld restart'.</P><P>&nbsp;</P><P>Maybe it is a good idea to update the requirements in the git repository?</P> Tue, 04 Jun 2019 10:06:36 GMT https://live.paloaltonetworks.com/t5/general-topics/minemeld-whitelist-not-working/m-p/266099#M96788 folmer 2019-06-04T10:06:36Z