What's new in MineMeld 0.9.7

L7 Applicator

Release Date: 2016-03-24

 

How to update: Updating MineMeld

 

Nodes

- Miner for ProofPoint ET Pro feeds

- Miner for PAN-OS syslog messages, lets you extract indicators from PAN-OS logs according to a set of rules


UI

- now you can add a new static indicator directly from the NODES page or using the log-links feature of PAN-OS


L3 Networker

Re: What's new in MineMeld 0.9.7

Do you have the log link command to allow the firewall to add a static indicator directly to MineMeld?

L7 Applicator

Re: What's new in MineMeld 0.9.7

Hi bartoq,

you can use something like this:

set deviceconfig system log-link MineMeld.Src url https://<minemeld address>/#/indicator/add?indicator={src}&indicatorType=IPv4

set deviceconfig system log-link MineMeld.Dst url https://<minemeld address>/#/indicator/add?indicator={dst}&indicatorType=IPv4

 

luigi

L1 Bithead

Re: What's new in MineMeld 0.9.7

Hi Luigi,

 

Could you also please show what the definition of a rule should look like?

 

Axel.

L7 Applicator

Re: What's new in MineMeld 0.9.7

Hi Axel,

I am working on the documentation of the syslog miner; it should happen early next week.

 

Thanks,

luigi

L3 Networker

Re: What's new in MineMeld 0.9.7

Hi Luigi,

Where do I use the miner in the log link? I only see the indicator type and IP address. Shouldn't we configure the miner in the log link as well?

L7 Applicator

Re: What's new in MineMeld 0.9.7

Hi bartoq,

the link will redirect to a MineMeld page where you can specify the Miners you want to add the indicator to.

 


L3 Networker

Re: What's new in MineMeld 0.9.7

Revision on the log link commands, missing the double quotes.

 

set deviceconfig system log-link MineMeld.Src url "https://x.x.x.x/#/indicator/add?indicator={src}&indicatorType=IPv4"

set deviceconfig system log-link MineMeld.Dst url "https://x.x.x.x/#/indicator/add?indicator={dst}&indicatorType=IPv4"
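
Added example (not part of the thread and not MineMeld or PAN-OS code): a small Python check that parses a log-link command of the form posted above, flags a URL without the double quotes, and shows which parameters the MineMeld page receives. The host `minemeld.example`, the function name `check_log_link`, and the https requirement are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed inputs: the two command forms posted in this thread, with a
# placeholder host (minemeld.example) in place of the real address.
UNQUOTED = ('set deviceconfig system log-link MineMeld.Src url '
            'https://minemeld.example/#/indicator/add?indicator={src}&indicatorType=IPv4')
QUOTED = ('set deviceconfig system log-link MineMeld.Dst url '
          '"https://minemeld.example/#/indicator/add?indicator={dst}&indicatorType=IPv4"')

CMD_RE = re.compile(r'^set deviceconfig system log-link (\S+) url (.+)$')

def check_log_link(command):
    """Return (name, params, problems) for one log-link set command."""
    problems = []
    m = CMD_RE.match(command.strip())
    if not m:
        return None, {}, ["not a log-link set command"]
    name, raw = m.groups()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        url = raw[1:-1]
    else:
        url = raw
        problems.append("URL is not wrapped in double quotes")
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption: the UI is only reached over TLS
        problems.append("URL does not use https")
    # Everything after '#' is the URL fragment: the route and its parameters
    # are read by the page in the browser, not sent in the HTTP request line.
    route, _, query = parts.fragment.partition("?")
    if route != "/indicator/add":
        problems.append("fragment route is not /indicator/add")
    params = {k: v[0] for k, v in parse_qs(query).items()}
    for key in ("indicator", "indicatorType"):
        if key not in params:
            problems.append("missing parameter: " + key)
    if not re.fullmatch(r"\{\w+\}", params.get("indicator", "")):
        problems.append("indicator is not a {field} placeholder")
    return name, params, problems

if __name__ == "__main__":
    for cmd in (UNQUOTED, QUOTED):
        print(check_log_link(cmd))
```
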
