Reply
Highlighted
L0 Member
Posts: 2
Registered: ‎08-04-2017

Where to mine all O365 endpoints?

[ Edited ]

Hi dear community,

I just implemented MineMeld server and configured EDLs and test policies.

For the MineMeld I used "o365-api-any-any.txt" from https://paloaltonetworks.app.box.com/s/ywkh7rc2rj0kyl0qetr6m6ag3akxvvx6/folder/51988433336.

Does anybody know if it's enough for all O365 endpoints, or I'm missing something? i still see that some endpoints are missing (e.g. some MS Office activation servers; IP: 40.77.226.250, 40.69.153.67)

 

Thanks!

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Where to mine all O365 endpoints

Hi @Oleksand1,

thanks for reporting, do you have the URL associated to those IPs?

 

luigi

L0 Member
Posts: 2
Registered: ‎08-04-2017

Re: Where to mine all O365 endpoints

[ Edited ]

Hello @lmori

 

"Resolve Hostname" results in co2.sls.microsoft.com.

 

Thanks!

L7 Applicator
Posts: 951
Registered: ‎03-03-2011

Re: Where to mine all O365 endpoints

Hi @Oleksand1,

are you using both URL and IP in enabling policies? Both are needed.

In the microsoft endpoint list there is an endpoint for activation, but it is only specified as a URL:

activation.sls.microsoft.com

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!