Printer Friendly Page

Introduction

MineMeld is an open-source tool from Palo Alto Networks to assist in threat feed aggregation and consumption. MineMeld’s “miners” are responsible for retrieving feed data on a defined basis and importing the data into MineMeld. Once imported, feeds are deduplicated and aggregated into one or more lists. After aggregation, the lists are published and ready for consumption by Palo Alto Networks firewalls. MineMeld may be run on-premise or in a public cloud. This article shows the step-by-step process for deploying MineMeld within the Azure public cloud. 

 

Deploy MineMeld to Azure

Deploy Template

Use the MineMeld ARM Template to deploy the required Ubuntu server into Azure.

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/7873...

 

Click “Deploy To Azure” to get started.

 

Picture1.png

 

 

After filling in the required information, select purchase to continue.

 

Picture2.png

 

 

Wait until the deployment is complete.

 

Picture3.png

 

 

Go to the Resource Group where the server was just created.

 

Picture4.png

 

 

Click on the virtual machine just created.

 

Picture5.png

Copy the DNS name so you can SSH to it.

 

Picture6.png

 

Open a terminal window and SSH into the instance to finish the MineMeld installation. 

 

Picture7.png

 

Begin Manual Process

Deploy IP Tables by copy and pasting the following commands. Answer “yes” to save IPv4/IPv6 tables.

 

sudo apt-get update && sudo apt-get install -y iptables-persistent
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 13514 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo bash -c "iptables-save > /etc/iptables/rules.v4"
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo bash -c "ip6tables-save > /etc/iptables/rules.v6"

 

 

You may notice the following error:

 

GPG error: http://minemeld-updates.panw.io trusty-minemeld InRelease: The following signatures were invalid: KEYEXPIRED

 

This will be addressed in a step below.

 

Add the MineMeld rep GPG key to the APT trusted keyring:

 

wget -qO - https://minemeld-updates.panw.io/gpg.key | sudo apt-key add -

 

Double check the GPG key fingerprint (should match characters in bold):

 

apt-key adv --fingerprint DD0DA1F9
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.W74MaAG3pI --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --fingerprint DD0DA1F9
pub 4096R/DD0DA1F9 2016-07-15
 Key fingerprint = E558 CE6E 3968 0F31 8F6C BFAC B401 E02E DD0D A1F9
uid Palo Alto Networks, MineMeld Team <minemeld@paloaltonetworks.com>

 

After verifying the key, add MineMeld to the APT repository:

 

sudo add-apt-repository "deb http://minemeld-updates.panw.io/ubuntu trusty-minemeld main"

 

Perform another update. 

 

sudo apt-get update

 

Install PIP:

 

sudo apt-get install python-pip

 

Install MineMeld:

 

sudo apt-get update && sudo apt-get install -y minemeld rsyslog-minemeld rsyslog-mmnormalize

 

Downgrade PIP

Follow these steps to downgrade PIP to version 9.0.3. If PIP is not downgraded, you may not be able to log into the MineMeld WEB GUI after completion.

 

Stop the MineMeld service:

 

sudo service minemeld stop

 

Downgrade PIP:

 

sudo -H -u minemeld /opt/minemeld/engine/current/bin/pip install pip==9.0.3

 

Start the MineMeld service:

 

sudo service minemeld start

 

Access MineMeld

Using the Azure DNS name, browse to the MineMeld instance.

 

 

Picture8.png

 

 

Login with the default credentials: admin / paloalto

 

References

Deploy Azure Template

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/7873...

 

Manually Deploy MineMeld

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14...

 

 

Ask Questions Get Answers Join the Live Community
Article Dashboard
Version history
Revision #:
1 of 1
Last update:
‎10-15-2018 08:04 AM
Updated by:
 
Contributors