https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/162595#M99036 <P>Hi Imori thank a lot for your quick response.</P><P>&nbsp;</P><P>In fact I already install CEF extension, and I can create a node with this output</P><P>&nbsp;</P><P>CLASS mmcef.node.Output</P><P>PROTOTYPE cef.testCEF</P><P>STATE started</P><P># INDICATORS 938</P><P>&nbsp;</P><P>But this node doesn´t not give me a list or other information, I just can see all LOGS of this output in the upper right corner.</P><P>&nbsp;</P><P>What´s next from here, I didn´t find information about that; how can I forward this output to RSA or Where does this logs are stored to see if I can get them and send to RSA</P><P>&nbsp;</P><P>&nbsp;</P><P>Greetings</P> Wed, 21 Jun 2017 21:55:51 GMT vhgambit 2017-06-21T21:55:51Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/161457#M99034 <P>I want to forward the output of output nodes in minemeld to SIEM, I want to see the output indicators in Security Analytics to create rules and when an indicator match generate an alert, actually I have configured PaloAlto Firrewalls with Dynamic List but I would like to send output indicators to SIEM</P> Thu, 15 Jun 2017 23:35:45 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/161457#M99034 vhgambit 2017-06-15T23:35:45Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/161942#M99035 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/66450">@vhgambit</a>,</P> <P>you could try 2 methods:</P> <UL> <LI>use the CEF extension for MineMeld to generate indicators in CEF format and forward them to RSA (<A href="https://github.com/PaloAltoNetworks/minemeld-cef" target="_blank">https://github.com/PaloAltoNetworks/minemeld-cef</A>)</LI> <LI>starting from 0.9.40, MineMeld supports generating feeds in CSV format. RSA Security Analytics should be able to ingest feeds in CSV (<A href="https://community.rsa.com/docs/DOC-54891" target="_blank">https://community.rsa.com/docs/DOC-54891</A>)</LI> </UL> Mon, 19 Jun 2017 12:55:32 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/161942#M99035 lmori 2017-06-19T12:55:32Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/162595#M99036 <P>Hi Imori thank a lot for your quick response.</P><P>&nbsp;</P><P>In fact I already install CEF extension, and I can create a node with this output</P><P>&nbsp;</P><P>CLASS mmcef.node.Output</P><P>PROTOTYPE cef.testCEF</P><P>STATE started</P><P># INDICATORS 938</P><P>&nbsp;</P><P>But this node doesn´t not give me a list or other information, I just can see all LOGS of this output in the upper right corner.</P><P>&nbsp;</P><P>What´s next from here, I didn´t find information about that; how can I forward this output to RSA or Where does this logs are stored to see if I can get them and send to RSA</P><P>&nbsp;</P><P>&nbsp;</P><P>Greetings</P> Wed, 21 Jun 2017 21:55:51 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/162595#M99036 vhgambit 2017-06-21T21:55:51Z https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/162778#M99037 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/66450">@vhgambit</a>,</P> <P>you should customize the cef.testCEF prototype to specify the host, port and protocol to communicate with your RSA SIEM.</P> <P>You can do this by:</P> <P>- click on CONFIG</P> <P>- click on the hamburger icon in the bottom right corner</P> <P>- search for &nbsp;testCEF and click on it</P> <P>- click on NEW (not CLONE)</P> <P>- modify the config and specify host, port and protocol of the SIEM</P> <P>- click OK</P> <P>- create a new output node with the new prototype</P> Thu, 22 Jun 2017 16:25:07 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-configure-minemeld-to-forward-logs-to-rsa-security/m-p/162778#M99037 lmori 2017-06-22T16:25:07Z