Microsoft Azure Datacenter IP Ranges

L1 Bithead

Microsoft Azure Datacenter IP Ranges

Hi Luigi,

 

One of my customers needs to allow traffic to Microsoft Azure Datacenter IP Ranges for Microsoft Power BI. Any plans to add a miner for it?

The URL source is http://www.microsoft.com/EN-US/DOWNLOAD/confirmation.aspx?id=41653

The file is in XML format.

I tried to create a new prototype but I couldn't find an XML class. Are you planning to add it?

 

Thanks,

L7 Applicator

Re: Microsoft Azure Datacenter IP Ranges

Hi Mauricio,

There is no Miner for Azure IP Ranges yet, but it will be easy to add. It will be added for the next minor release, sometime next week.

I have created minemeld-core enhancement #14 to track this.

 

I have also created enhancements #15 and #16 to track development of Miners for GCE and Google IP ranges.

Re: Microsoft Azure Datacenter IP Ranges

Hi,

Did you solve your issue? I also need to import the Azure IP ranges to Palo.

Thank you in advance.

L7 Applicator

Re: Microsoft Azure Datacenter IP Ranges

Yes, Miners for GCE, Google IPs and Azure are now available in MineMeld.

L2 Linker

Re: Microsoft Azure Datacenter IP Ranges

@lmori

 

I can see the prototype for the Azure ranges on the GitHub page. But how do I go about adding it into my MineMeld config? Total rookie here.

 

Cheers

L7 Applicator

Re: Microsoft Azure Datacenter IP Ranges

Hi @El-ahrairah,

Just go to CONFIG, press IMPORT and copy & paste the following. Click on APPEND and then COMMIT. After the COMMIT you will find a new output node under NODES called azureIPv4s with the list of IPs used by Azure.

 

 

nodes:
  azure_cloudIPs:
    inputs: []
    output: true
    prototype: azure.cloudIPs
  cloud_IPv4s:
    inputs:
      - azure_cloudIPs
    output: true
    prototype: stdlib.aggregatorIPv4Generic
  azureIPv4s:
    inputs:
      - cloud_IPv4s
    output: false
    prototype: stdlib.feedHCWithValue

 

L1 Bithead

Re: Microsoft Azure Datacenter IP Ranges

@lmori

 

Right now, there's only one miner for all Azure Datacenter IPs -- there's an opportunity to split by region (e.g. USWest, USEast, etc.) so that MineMeld users can more granularly select what IPs they want.

 

Is there any thought to expanding out the miner definitions so that there's one per region?

 

Thanks!

 

 

L5 Sessionator

Re: Microsoft Azure Datacenter IP Ranges

@michaelseto: The Azure miner attaches the azure_region attribute to the indicators. You can see it in the miner logs.

{
    "_age_out": 4294967295000,
    "confidence": 100,
    "azure_region": "uksouth",
    "share_level": "green",
    "_last_run": 1507016882946,
    "sources": [
        "azure.xml"
    ],
    "first_seen": 1507016882946,
    "type": "IPv4",
    "last_seen": 1507016882946
}

That means that you can use the output node input filter capabilities to accept/drop indicators based on that indicator's attribute value. For instance, the following 'infilters' configuration would only accept indicators for the region 'uksouth':

 

infilters:
-   actions:
    - accept
    conditions:
    - __method == 'withdraw'
    name: accept withdraws
-   actions:
    - accept
    conditions:
    - azure_region == 'uksouth'
    - share_level == 'green'
    name: accept azure IP for region uksouth
-   actions:
    - drop
    name: drop all
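
A simplified model of how the rule list above is evaluated, added here as an illustration; it is not MineMeld's own code and not part of the original reply. Rules are checked in order and the first rule whose conditions all hold decides; the function names, the restricted condition syntax, the constructed sample indicators and the accept-by-default fallback are assumptions.

```python
import re

# The 'infilters' list from the reply above, transcribed as Python data.
INFILTERS = [
    {"name": "accept withdraws", "actions": ["accept"],
     "conditions": ["__method == 'withdraw'"]},
    {"name": "accept azure IP for region uksouth", "actions": ["accept"],
     "conditions": ["azure_region == 'uksouth'", "share_level == 'green'"]},
    {"name": "drop all", "actions": ["drop"]},
]

# Simplified condition grammar (assumption): <attribute> ==|!= '<string>'
_COND = re.compile(r"^\s*(\w+)\s*(==|!=)\s*'([^']*)'\s*$")

def condition_holds(cond, attrs):
    m = _COND.match(cond)
    if m is None:
        raise ValueError("unsupported condition: %r" % cond)
    name, op, expected = m.groups()
    equal = attrs.get(name) == expected  # a missing attribute never equals a string
    return equal if op == "==" else not equal

def apply_infilters(filters, method, value):
    """Return (action, rule name) for the first rule whose conditions all hold."""
    attrs = dict(value)
    attrs["__method"] = method  # 'update' or 'withdraw', visible to conditions
    for rule in filters:
        if all(condition_holds(c, attrs) for c in rule.get("conditions", [])):
            return rule["actions"][0], rule["name"]
    return "accept", None  # assumption: an indicator matching no rule passes

# Constructed sample indicators, modelled on the miner log entry above.
UKSOUTH = {"type": "IPv4", "azure_region": "uksouth", "share_level": "green"}
USWEST = dict(UKSOUTH, azure_region="uswest")
NO_REGION = {"type": "IPv4", "share_level": "green"}

if __name__ == "__main__":
    for label, method, value in [
        ("uksouth update", "update", UKSOUTH),
        ("uswest update", "update", USWEST),
        ("uswest withdraw", "withdraw", USWEST),
        ("no region update", "update", NO_REGION),
    ]:
        print(label, "->", apply_infilters(INFILTERS, method, value))
    # Without the final 'drop all' rule the uswest indicator is not filtered out.
    print("no drop-all ->", apply_infilters(INFILTERS[:2], "update", USWEST))
```

In this model a withdraw is accepted whatever its region, and an indicator with no azure_region attribute falls through to 'drop all'.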

L1 Bithead

Re: Microsoft Azure Datacenter IP Ranges

Ah thank you @xhoms.

 

Your solution is more elegant than my own.

 

I ended up modifying some of the Python (/opt/minemeld/engine/core/minemeld/ft/azure.py) and creating new miner prototypes per region.

 

At least I learned something? haha.

 

-Mike

L7 Applicator

Re: Microsoft Azure Datacenter IP Ranges

Hi @michaelseto,

Nice! Could you send us a pull request on the GitHub repo?

 

luigi
