Is it possible to chain a syslog input\miner to a DAG output?
Scenario is I'd like to forward critical Threats to MineMeld to block the source address permanently (or at least longer than the max 3,600 seconds available as a block-ip IPS action) by bouncing back a DAG update (or failing that by adding to an EDL source etc).
I have a way of doing this currently but it's a bit complex, so hoping I can do so within MM.
Solved! Go to Solution.
check this article to do this via HTTP Log forwarding from PAN-OS:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!