Reply
L4 Transporter
Posts: 286
Registered: ‎03-02-2010

Really good tool!

[ Edited ]

Hi,

This is an really good tool for managing dynamic lists.
So far I have tested a basic setup and I have a few comments/suggestions.

 

* How do I change the ssl certificate for MineMeld.

* Will you also implement domain blocklists soons (currently running 7.1 beta).
* How about making our own miner. Information about this.
* Will you also support ipv6?

 

Just a few things that I thought of.

Thanks for this great tool. Looking forward to the development!


/Jo Christian

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Really good tool!

Thanks ! We are glad you like it !

 

1) cetificate and private key are stored in /etc/nginx/minemeld.cer and /etc/nginx/minemeld.pem. You can just replace them with your cert and private key and "sudo service nginx reload"

 

2) already supported. zeustracker.baddomains, autofocus.exportlist produce also domains. If you have a specific domain feed you are interested in, please let me know. If you look at the autofocus video, you can find instructions on how to add a new subgraph for handling domains (domain aggregator + output feeds)

https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Video-MineMeld-on-AWS-amp-Autofocus-Export...

 

3) 2 ways to do this: writing your own prototype with a configuration of an existing miner class or write your own full miner, if the protocol or format of the feed is not supported yet by one of the existing miner classes. We are working on the documentation for both options. Stay tuned, at least for the first option it will be just a matter of days. Some users have already started contributing prototypes, but with the docs it will be much easier for everyone :-)

 

4) IPv6 is already supported to some extent, there are still some glitches we are working on. A full IPv6 aggregator is in roadmap.

 

Thanks again,

Luigi

Highlighted
L4 Transporter
Posts: 286
Registered: ‎03-02-2010

Re: Really good tool!

Hi,

 

Thanks for your update.
I downloaded the ova file, and I noticed now that there are many updates for this Ubuntu image.
Could I get any problems updating the packages in Ubuntu outdated, with Minemeld?

 

/Jo Christian

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Really good tool!

Absolutely, you can also use Ubuntu mechanism to automatically install security updates:

http://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line

L4 Transporter
Posts: 286
Registered: ‎03-02-2010

Re: Really good tool!

[ Edited ]

Perfect!

Regarding url/domain lists I have used this one in 7.1 beta. Looks good.

https://openphish.com/feed.txt  <-- URL feed


Maybe something to add to Minemeld?

 

 

/Jo Christian

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Really good tool!

Thanks ! I have just added the prototype to the library.

You will find a miner for it in the next release. It generates URL indicators.

L4 Transporter
Posts: 286
Registered: ‎03-02-2010

Re: Really good tool!

Nice! :-)

BTW, I found openphish, and a few other feeds that I am testing on this webpage:

https://zeltser.com/malicious-ip-blocklists/
A few of them could be quite interesting to add to Minemeld.

 

/Jo Christian

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Really good tool!

Thanks, we will take a look at those.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!