Minemeld Azure

L1 Bithead

Hello,

 

I have a use case in which I need to create a custom miner for Azure, but only mine for uswest and uswest2 regions. Is this possible?

Thanks in advance

L7 Applicator

Re: Minemeld Azure

@AustinEngelmann 

Microsoft publishes this via a standard JSON file, https://www.microsoft.com/en-us/download/details.aspx?id=56519, that gets updated weekly. With the help of some parsing you could create a custom miner that takes the information in via the MineMeld API and script it rather easily.

L1 Bithead

Re: Minemeld Azure

Any good documentation on how to do this? I am weak in scripting. Thank you for your help.

 

L7 Applicator

Re: Minemeld Azure

@AustinEngelmann,

I don't have an example off hand, but it looks like you should be able to parse the response relatively easily as they all have the "region" attribute you can filter on. There are plenty of examples on parsing JSON in Python and similar languages online. 

L1 Bithead

Re: Minemeld Azure

age_out:
    default: null
    interval: 257
    sudden_death: true
attributes:
    share_level: green
infilters:
-   actions:
    - accept
    conditions:
    - __method == 'withdraw'
    name: accept withdraws
-   actions:
    - accept
    conditions:
    - type == 'IPv4'
    - Region Name == 'uswest'
-   actions:
    - accept
    conditions:
    - type == 'IPv4'
    - Region Name == 'uswest2'
-   actions:
    - drop
    name: drop all

The above doesn't seem to work, although I'm trying to follow -> https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Filtering-Azure-IP-ranges-based-on-a-subse...

Any help is appreciated, I've broken my MineMeld twice in two days now.

 

Thanks

L1 Bithead

Re: Minemeld Azure

After some help I was able to get this going.

 

1. I used the miner prototype azure.cloudIPs to begin

2. Created new processor from stdlib.aggregatorIPv4Generic 

3. Modified the new processor config to filter (infilter) which Azure regions I needed (in my case uswest and uswest2). I posted code at the bottom of this post.

4. Build output node using prototype stdlib.feedHCGreenWithValue

5. Connected miner to modified processor then to output

Currently the miner has 2595 indicators, but after going through the processor the output node has 326. I crosschecked against the Azure XML file and it is correct.

 

Code is below

uswest.PNG

 
