Is there anyone able to share on how to configure minemeld nodes to automate resolving/capturing the “*.google.com.*” dynamic IP address, so I could integrate with palo alto networks dynamic Block list feature to identify most of the google.com IP addresses.
I saw google.GCENetblocks and google.netBlocks in minemeld, but wondering if this cover “*.google.com.*”. I will wish to know how to add a customize minemeld node on youtude if possible. For example on http/https “*.youtube.com.*”.
Your help is very much appreciated. Thanks a lot.
google.netBlocks and google.GCENetBlocks retrieve the list of IP addresses used by Google services and Google GCE using DNS queries. Ref:
Is this your goal ?
Thanks for the information, yes this is on google. But how about Youtube.com, anyway we can set up a node on Youtube.com global list in the ProtoType?
Please let me know if this is possible in the minemeld.
I haven't found a way to obtain all the IPs used by Youtube. Wouldn't be better to control access using App-ID ? Or you need IPs ?
Customer would want to use PBF policy to route all Youtube Taffic to direct traffic to a specific Egress interface on the firewall.
The problem is our PBF policy dont have all APP-ID signature in it, such as Youtube, Facebook and etc.
understood. The problem is I can't find a good way to isolate the IPs used by Youtube from those used by other Google Services.
Do you have an idea on how to do that ?
I got a solution on this but it is a bit of work to do, we were need to create a new miner and proyotype as shown below:
Hope this make sense to you.
writing a Miner would be definitely possible, but the example shown in the github doc is for retrieving a list of URLs associated with a YouTube channel. You can't use those in a PBF. Would a list of URLs be enough ?
URLs will not be enough i was thinking of creating a miner/prototype to indicate all the youtube.com IP address in the miner to to make the Dynamic list works better. you have any insight on how this can works?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!