Replacing office 365 from XML and RSS with Restful API

L2 Linker

Hi all,

In view of the changes Microsoft is going to make in the future, as described in the following link, would the current miner for O365 still work?

https://support.office.com/en-gb/article/managing-office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728e...

L7 Applicator

Re: Replacing office 365 from XML and RSS with Restful API

Hi @chtoh82,

The new MSFT API is not production-ready yet. But we have already implemented the Miner for it:

https://github.com/PaloAltoNetworks/minemeld-core/issues/267

We will include it in a new release early next week.

luigi

L2 Linker

Re: Replacing office 365 from XML and RSS with Restful API

Thanks! Looking forward to it!

L1 Bithead

Re: Replacing office 365 from XML and RSS with Restful API

Hi Luigi, as I can see, the prototypes for those miners based on China, Germany, US and worldwide are still experimental. May I know whether we have already mined and are feeding those IPs and domains to the O365 output? Thanks.

L1 Bithead

Re: Replacing office 365 from XML and RSS with Restful API

I tested the O365-API worldwide miner on the AF hosted minemeld:

# HTTPError: 400 Client Error: Bad Request


2018-08-16T11:00:52 (12932)basepoller.hup INFO: O365-Worldwide-Any-Service - hup received, force polling
2018-08-16T11:00:52 (12932)basepoller._huppable_wait INFO: hup is clear: False
2018-08-16T11:00:52 (12932)basepoller._actor_loop INFO: O365-Worldwide-Any-Service - command: 1534417252635 poll
2018-08-16T11:00:52 (12932)basepoller._polling_loop INFO: Polling O365-Worldwide-Any-Service
2018-08-16T11:00:52 (12932)connectionpool._new_conn INFO: Starting new HTTPS connection (1): endpoints.office.com
2018-08-16T11:00:52 (12932)basepoller._poll ERROR: Exception in polling loop for O365-Worldwide-Any-Service: 400 Client Error: Bad Request
Traceback (most recent call last):
  File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
    performed = self._polling_loop()
  File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
    iterator = self._build_iterator(now)
  File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/o365.py", line 352, in _build_iterator
    latest_version = self._check_version()
  File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/o365.py", line 252, in _check_version
    r.raise_for_status()
  File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/requests/models.py", line 851, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
HTTPError: 400 Client Error: Bad Request
2018-08-16T11:00:55 (12932)basepoller._polling_loop INFO: Polling O365-Worldwide-Any-Service
2018-08-16T11:00:55 (12932)connectionpool._new_conn INFO: Starting new HTTPS connection (1): endpoints.office.com
2018-08-16T11:00:55 (12932)basepoller._poll ERROR: Exception in polling loop for O365-Worldwide-Any-Service: 400 Client Error: Bad Request

Before posting this I tried China too, no difference. They all error out on the same thing.

L2 Linker

Re: Replacing office 365 from XML and RSS with Restful API

Same behavior on my MM.

L5 Sessionator

Re: Replacing office 365 from XML and RSS with Restful API

Hi @Fille01,

New O365 API Miners were officially released with MineMeld version 0.9.50. Please update your MineMeld instance before using the provided configuration files.

L1 Bithead

Re: Replacing office 365 from XML and RSS with Restful API

Hello,

I used the AF-hosted MineMeld. However, I changed to hosting one myself and that was updated, works OK.

L2 Linker

Re: Replacing office 365 from XML and RSS with Restful API

I also caught up with this 400 Client Error: Bad Request after replacing the scripts. I couldn't find a version upgrade option in AutoFocus MineMeld; can you share the link?