Office 365 - not updating indicators for onenote, identifty planner, crl's

Reply
L0 Member

Office 365 - not updating indicators for onenote, identifty planner, crl's

MineMeld is not retreiving indicators for o365 onenote, identity, planner, sway, office 365 video,  crl's runing version 0.9.20.

 

Is anyone having this issue?    I've installed a second server fresh install of MineMeld and i'm seeing  the exact same issue:

 

onenote.PNG

Polls via logs but does not parse the data

 2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_O365RemoteAnalyzers
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_O365ProPlus
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1):

support.content.office.net

2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_office365Video
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_crls
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_officeiPad
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_planner
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:14 (4124)basepoller._polling_loop INFO: Polling office365_officeOnline
2016-09-20T18:03:14 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_sway
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_oneNote
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_yammer
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_O365
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_identity
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_officeMobile
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_skypeBusinessOnline
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_sharepointOnline
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_exchangeOnline
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net
2016-09-20T18:03:16 (4124)basepoller._polling_loop INFO: Polling office365_exchangeOnlineProtection
2016-09-20T18:03:16 (4124)connectionpool._new_conn INFO: Starting new HTTPS connection (1): support.content.office.net

 

ubuntu@minemeld:/opt/minemeld/local/config$ more committed-config.yml
nodes:
office365_IPv4s:
inputs:
- office365_ipv4aggregator
output: false
prototype: stdlib.feedHCWithValue
office365_IPv6s:
inputs:
- office365_ipv6aggregator
output: false
prototype: stdlib.feedHCWithValue
office365_O365:
inputs: []
output: true
prototype: office365.O365
office365_O365ProPlus:
inputs: []
output: true
prototype: office365.O365ProPlus
office365_O365RemoteAnalyzers:
inputs: []
output: true
prototype: office365.O365RemoteAnalyzers
office365_URLaggregator:
inputs:
- office365_O365
- office365_exchangeOnline
- office365_exchangeOnlineProtection
- office365_O365ProPlus
- office365_O365RemoteAnalyzers
- office365_crls
- office365_identity
- office365_office365Video
- office365_officeMobile
- office365_officeOnline
- office365_officeiPad
- office365_oneNote
- office365_planner
- office365_sharepointOnline
- office365_skypeBusinessOnline
- office365_yammer
- office365_sway
output: true
prototype: stdlib.aggregatorURL
office365_URLs:
inputs:
- office365_URLaggregator
output: false
prototype: stdlib.feedHCWithValue
office365_crls:
inputs: []
output: true
prototype: office365.crls
office365_exchangeOnline:
inputs: []
output: true
prototype: office365.exchangeOnline
office365_exchangeOnlineProtection:
inputs: []
output: true
prototype: office365.exchangeOnlineProtection
office365_identity:
inputs: []
output: true
prototype: office365.identity
office365_ipv4aggregator:
inputs:
- office365_O365
- office365_exchangeOnline
- office365_exchangeOnlineProtection
- office365_crls
- office365_O365ProPlus
- office365_O365RemoteAnalyzers
- office365_identity
- office365_office365Video
- office365_officeMobile
- office365_officeOnline
- office365_officeiPad
- office365_oneNote
- office365_planner
- office365_sharepointOnline
- office365_skypeBusinessOnline
- office365_sway
- office365_yammer
output: true
prototype: stdlib.aggregatorIPv4Generic
office365_ipv6aggregator:
inputs:
- office365_O365
- office365_exchangeOnline
- office365_exchangeOnlineProtection
- office365_O365ProPlus
- office365_O365RemoteAnalyzers
- office365_identity
- office365_crls
- office365_office365Video
- office365_officeMobile
- office365_officeOnline
- office365_officeiPad
- office365_oneNote
- office365_planner
- office365_sharepointOnline
- office365_skypeBusinessOnline
- office365_sway
- office365_yammer
output: true
prototype: stdlib.aggregatorIPv6Simple
office365_office365Video:
inputs: []
output: true
prototype: office365.office365Video
office365_officeMobile:
inputs: []
output: true
prototype: office365.officeMobile
office365_officeOnline:
inputs: []
output: true
prototype: office365.officeOnline
office365_officeiPad:
inputs: []
output: true
prototype: office365.officeiPad
office365_oneNote:
inputs: []
output: true
prototype: office365.oneNote
office365_planner:
inputs: []
output: true
prototype: office365.planner
office365_sharepointOnline:
inputs: []
output: true
prototype: office365.sharepointOnline
office365_skypeBusinessOnline:
inputs: []
output: true
prototype: office365.skypeBusinessOnline
office365_sway:
inputs: []
output: true
prototype: office365.sway
office365_yammer:
inputs: []
output: true
prototype: office365.yammer
ubuntu@minemeld:/opt/minemeld/local/config$

Highlighted
L7 Applicator

Re: Office 365 - not updating indicators for onenote, identifty planner, crl's

@rtobin there is a major disalignment on the Microsoft website between what is published on the HTML pages and the contents of the XML file monitored by MineMeld. Microsoft has been notified.

 

Note that all the identity service FQDNs and CRL FQDNs have been moved to the O365 service, if you have a Miner for that you should be good.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!