DAGPusher - Questions; API Key? How to specify what Dynamic address group object to apply IPs to?

L1 Bithead

Regarding DAGPusher Output node.

I don't mean to hit anyone with a firehose but I have several questions I'm having trouble finding the answers to regarding the DAGPusher Output node in MineMeld. It's my understanding this node will allow MineMeld to add IPs to a Dynamic Address Group object on a PA.

Is there any documentation for this module?

How is the desired Dynamic Address Group object on the target PA specified?

How is the vsys specified? When adding a new "handled device" vsys isn't listed but after adding there is a column for it.

Is there a minimum PA software version for this to work?

Can a PA API key be utilized instead of user password?

I'm doing some testing and can see where to add "handled devices"; however, as of yet I'm not seeing entries being pushed to my lab PA after providing the SSH credentials. I'm interested in the expected behavior of this module.

*EDIT*

After switching from FQDN for hostname to IPv4 address, I'm now seeing entries being pushed. It looks like it's pushing the IPs to the following tags by default:

     "mmld_confidence_high"
     "mmld_direction_unknown"
     "mmld_pushed"

I'm assuming then I will need to modify the prototype to specify a different tag. Any info on what 'config/variables' I would need to set to change or add a different tag?

L5 Sessionator

Hi @PA-User, I'm working on a new article describing all hidden secrets of the DAGPusher node. It will contain answers to all your questions.

L1 Bithead

I was hoping you'd chime in; you've been immensely helpful!

Is that something you were hoping to publish this week yet or is it still a work in progress?

L5 Sessionator

I'm finishing it. It should be published this week.

L1 Bithead

Awesome! Looking forward to that. I've been managing DAG (Dynamic Address Group) objects in PA with some homebrew scripting up to now. Hoping to let MineMeld take over some of that.

I've got one more question to add if it's not too much trouble -- maybe you were already addressing this. Does the DAGPusher node remove IPs registered to a DAG that are no longer present because they have been removed from the list?

My experience has been that adding IPs to DAGs via API is super easy but then the care and feeding of syncing the lists takes a bit more scripting and verification. I'm curious whether DAGPusher removes IPs that have been removed from its list.
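The list reconciliation raised in the post above (register what is new on the list, unregister what has left it), as an added example that is not part of the original thread and is not DAGPusher's code. The helpers `plan_sync` and `build_uid_message` and the sample addresses are hypothetical; the `uid-message` register/unregister layout is assumed from the PAN-OS XML API, and reading the currently registered IPs back from the device is left out.

```python
import xml.etree.ElementTree as ET

# Tag names are the defaults quoted in the thread. The uid-message layout is
# an assumption based on the PAN-OS XML API, not taken from DAGPusher.
MMLD_TAGS = ["mmld_confidence_high", "mmld_direction_unknown", "mmld_pushed"]


def plan_sync(desired, registered, owner_tag="mmld_pushed"):
    """Return (to_register, to_unregister) for one device.

    desired:    set of IPs currently on the list
    registered: dict of ip -> set of tags currently registered on the device
    Only IPs carrying owner_tag are ever unregistered, so registrations made
    by other tools are left alone.
    """
    owned = {ip for ip, tags in registered.items() if owner_tag in tags}
    # Sorted only to make the generated message deterministic.
    return sorted(desired - owned), sorted(owned - desired)


def build_uid_message(to_register, to_unregister, tags=MMLD_TAGS):
    """Build one update message carrying both additions and removals."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for section, ips in (("register", to_register), ("unregister", to_unregister)):
        if not ips:
            continue  # omit empty sections
        node = ET.SubElement(payload, section)
        for ip in ips:
            tag = ET.SubElement(ET.SubElement(node, "entry", ip=ip), "tag")
            for name in tags:
                ET.SubElement(tag, "member").text = name
    return ET.tostring(root, encoding="unicode")


# Constructed sample state (documentation address ranges).
FEED = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}
ON_DEVICE = {
    "192.0.2.10": {"mmld_pushed", "mmld_confidence_high"},
    "203.0.113.5": {"mmld_pushed"},         # dropped from the list: stale
    "203.0.113.9": {"homebrew_blocklist"},  # registered by another script
}

if __name__ == "__main__":
    add, remove = plan_sync(FEED, ON_DEVICE)
    print(build_uid_message(add, remove))
```

Scoping removals to an owner tag is the verification step: an IP registered by a different script is never unregistered just because it is absent from this list.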
