Managing False Positives from PAN-OS logs and more


You can use the PAN-OS log-links feature to link your PAN-OS WebUI to MineMeld, so that you can search MineMeld logs or manage False Positives directly from the PAN-OS logs view.

 

1. Searching MineMeld logs from PAN-OS WebUI

In the PAN-OS CLI, use the following commands to create log-links that search MineMeld logs for the source IP or destination IP of the session. Replace <minemeld-address> with the address of your MineMeld instance.

 

admin@ngfw> configure
admin@ngfw# set deviceconfig system log-link "MineMeld Search Src" url "https://<minemeld-address>/#/logs?q=indicator:{src}"
admin@ngfw# set deviceconfig system log-link "MineMeld Search Dst" url "https://<minemeld-address>/#/logs?q=indicator:{dst}"
admin@ngfw# commit
[...]

1.1. Demo

minemeld-search-from-logs.gif

 

 

2. Managing False Positives from PAN-OS WebUI

In the PAN-OS CLI, use the following commands to create log-links that add the source IP or destination IP of the session to MineMeld whitelists. Replace <minemeld-address> with the address of your MineMeld instance.

 

admin@ngfw> configure
admin@ngfw# set deviceconfig system log-link "MineMeld Src FP" url "https://<minemeld-address>/#/indicator/add?indicator={src}&indicatorType=IPv4"
admin@ngfw# set deviceconfig system log-link "MineMeld Dst FP" url "https://<minemeld-address>/#/indicator/add?indicator={dst}&indicatorType=IPv4"
admin@ngfw# commit
[...]
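
An added example, not part of the original article or of PAN-OS/MineMeld: a Python helper that renders the four log-link commands above for a given MineMeld address and previews the URL a log row would open. It assumes PAN-OS fills {src}/{dst} by plain text substitution; the function names, `minemeld.example.com` and the sample IPs are constructed for illustration.

```python
import ipaddress
import re

# Log-link names and URL templates as given in the article; {host} is filled
# here, {{src}}/{{dst}} stay literal for PAN-OS to fill per log row.
LOG_LINKS = {
    "MineMeld Search Src": "https://{host}/#/logs?q=indicator:{{src}}",
    "MineMeld Search Dst": "https://{host}/#/logs?q=indicator:{{dst}}",
    "MineMeld Src FP": "https://{host}/#/indicator/add?indicator={{src}}&indicatorType=IPv4",
    "MineMeld Dst FP": "https://{host}/#/indicator/add?indicator={{dst}}&indicatorType=IPv4",
}
# Bare host or host:port only, so a pasted scheme or path cannot end up in the URL.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")


def _check_host(host):
    if not HOST_RE.fullmatch(host):
        raise ValueError("expected bare host[:port], got %r" % host)
    return host


def render_commands(host):
    """Configure-mode commands for one MineMeld instance (hypothetical helper)."""
    _check_host(host)
    return ['set deviceconfig system log-link "%s" url "%s"' % (name, tmpl.format(host=host))
            for name, tmpl in LOG_LINKS.items()]


def preview_url(name, host, src, dst):
    """URL a log row would open, modelling the fill-in as plain substitution (assumption)."""
    template = LOG_LINKS[name].format(host=_check_host(host))
    field = "src" if "{src}" in template else "dst"
    value = str(ipaddress.ip_address(src if field == "src" else dst))
    # The FP links hard-code indicatorType=IPv4, so refuse any other address family.
    if "indicatorType=IPv4" in template and ipaddress.ip_address(value).version != 4:
        raise ValueError("%s is not IPv4 but the link says indicatorType=IPv4" % value)
    return template.replace("{%s}" % field, value)


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for cmd in render_commands("minemeld.example.com"):
        print(cmd)
    print(preview_url("MineMeld Dst FP", "minemeld.example.com", "192.0.2.10", "198.51.100.7"))
```
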

2.1. Demo

 minemeld-fp-from-logs.gif

 

 

Last update: 02-09-2017 06:31 AM (revision 3 of 3)