https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213216#M97932 <P>Hello,</P> <P>&nbsp;</P> <P>I'm using Minemeld <SPAN>0.9.44 and I would&nbsp;</SPAN>to get 'range' from the URL&nbsp;<A href="https://ips.zscaler.net/cenr/json" target="_blank">https://ips.zscaler.net/cenr/json</A>.</P> <P>After several attempts&nbsp;with JSON prototype, trying to&nbsp;set different&nbsp;extractor, field (indicator set as range).</P> <P>&nbsp;</P> <P>I'm still not able to get any information.</P> <P>&nbsp;</P> <P>Could you please let me know what is the best what to extract 'range'?&nbsp;</P> <P>&nbsp;</P> <P>Thank you<BR />Regards</P> <P>&nbsp;</P> Fri, 04 May 2018 17:39:59 GMT lvmh_onenetwork 2018-05-04T17:39:59Z https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213216#M97932 <P>Hello,</P> <P>&nbsp;</P> <P>I'm using Minemeld <SPAN>0.9.44 and I would&nbsp;</SPAN>to get 'range' from the URL&nbsp;<A href="https://ips.zscaler.net/cenr/json" target="_blank">https://ips.zscaler.net/cenr/json</A>.</P> <P>After several attempts&nbsp;with JSON prototype, trying to&nbsp;set different&nbsp;extractor, field (indicator set as range).</P> <P>&nbsp;</P> <P>I'm still not able to get any information.</P> <P>&nbsp;</P> <P>Could you please let me know what is the best what to extract 'range'?&nbsp;</P> <P>&nbsp;</P> <P>Thank you<BR />Regards</P> <P>&nbsp;</P> Fri, 04 May 2018 17:39:59 GMT https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213216#M97932 lvmh_onenetwork 2018-05-04T17:39:59Z https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213871#M97933 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/46321">@lvmh_onenetwork</a>,</P> <P>&nbsp;</P> <P>the following SimpleJSON based prototype works for me</P> <P>&nbsp;</P> <PRE>age_out: default: null interval: 257 sudden_death: true attributes: confidence: 100 share_level: green type: IPv4 extractor: '"zscaler.net".*.*[][]' indicator: range prefix: zs source_name: zscaler url: https://ips.zscaler.net/cenr/json </PRE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 10 May 2018 06:22:10 GMT https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213871#M97933 xhoms 2018-05-10T06:22:10Z https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213962#M97934 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/6710">@xhoms</a></P> <P>&nbsp;</P> <P>it works perfectly, but i'm not sure to understand the&nbsp;</P> <PRE>'"zscaler.net".*.*[][]'</PRE> <P>&nbsp;</P> <P>how does it works?&nbsp;</P> <P>&nbsp;</P> <P>Regards&nbsp;</P> Thu, 10 May 2018 19:45:41 GMT https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213962#M97934 lvmh_onenetwork 2018-05-10T19:45:41Z https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213976#M97935 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/46321">@lvmh_onenetwork</a>,</P> <P>&nbsp;</P> <P>are you familiar with JMESPath expressions? Do you know the site <A href="http://jmespath.org/" target="_self">http://jmespath.org/</A> ?</P> <P>&nbsp;</P> <P>I highly recommend you to paste the JSON code from the ZSCALER URL into the JMESPath interactive test site to play with different expressions.</P> <P>&nbsp;</P> <P>But, basically,</P> <UL> <LI>"zscaler.net" selects the root object</LI> <LI>.* selects any object inside "zscaler.net" ("continent : Europe", "continent : US &amp; Canada", ...)</LI> <LI>.* selects any object insite the continents ("city : Amsterdam", "city : Brussels", ...)</LI> </UL> <P>If you play in the interactive site you'll realize that "zscaler.net".*.* produces an array of continents containing each one of them an array of rages for each city.</P> <UL> <LI>[] is a flatten projection that removes the "city" dimension to achieve all ranges to be direct elements inside each "contient"</LI> <LI>the second [] flatten projection removes the "continent" dimension to achieve all ranges being direct elements of the top array.</LI> </UL> <P>The result is an array of ranges whose elements can be yielded into the MineMeld engine.</P> Thu, 10 May 2018 21:29:57 GMT https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/213976#M97935 xhoms 2018-05-10T21:29:57Z https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/214008#M97936 <P>Thank you for the detail.&nbsp; I will&nbsp;study that.</P> <P>&nbsp;</P> <P>Regards</P> Fri, 11 May 2018 06:32:47 GMT https://live.paloaltonetworks.com/t5/general-topics/zscaler-and-minemeld/m-p/214008#M97936 lvmh_onenetwork 2018-05-11T06:32:47Z