MineMeld End-of-Life Announcement

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
L1 Bithead

minemeld-end-of-life_LIVEcommunity.jpg

 

Palo Alto Networks announces the end-of-life of the hosted MineMeld™ application in AutoFocus™ on August 1, 2021. We are hoping you already picked a transition path based on email communications that were sent out regarding this announcement. If not, we are providing a list of recommended migration options, including our new Cortex™ XSOAR Threat Intel Management offering.

 

 

 

What Happens Now?

The hosted MineMeld application in AutoFocus will remain active through July 31, 2021. The open-source version of Minemeld will continue to exist and be supported by the open source community. As part of this process, we will guide you through every step of your migration. Here are a few options for your consideration if you have not been able to decide the migration path yet:

 

Option 1

ryclough_0-1626288823769.png

 

 

 Upgrade to Cortex XSOAR Threat Intel Management with a limited-time discount offer. 

Option 2

 

ryclough_1-1626288823932.png

 

 

Try the Cortex XSOAR Community Edition for free to test-drive how Cortex XSOAR Threat Intel Management can fulfill your MineMeld needs and many other use cases.

 

Option 3

 

ryclough_2-1626288823930.png

 

Migrate to an Open-Source instance of MineMeld, which is maintained by the open-source community.

 

 

What is Cortex XSOAR Threat Intel Management?

Cortex XSOAR takes a new approach with native threat intelligence management, unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation. All existing integrations and use cases from hosted MineMeld have been ported to Cortex XSOAR Threat Intelligence Management to ensure continuity of existing use cases.

 

Migration Support

If you choose to upgrade to Cortex XSOAR Threat Intel Management:

  • Your customer success representative will guide you through the migration and complete the final cutover based on your approval.
  • Professional Services are available for a white glove migration experience.
  • We’ll continue to maintain your existing MineMeld environment until your migration is complete.

 

Pricing and Licensing

  • You will continue to own AutoFocus per your original contract term.
  • We are offering a limited-time offer to trade up to Cortex XSOAR. Your local account representative will be in touch with more details.

 

Resources for More Information:

 

MineMeld Migration FAQ

Q: What will happen to MineMeld?

The hosted MineMeld application is going to be removed from AutoFocus on 08/01/21. 

 

Q: What is the migration path for existing AutoFocus MineMeld customers?

  • Your customer success representative will guide you through the migration and complete the final cutover based on your approval.
  • Professional Services are available for a white glove migration experience.
  • We’ll continue to maintain your existing MineMeld environment until your migration is complete.

 

Q: Will MineMeld be offered as part of Cortex XSOAR?

No. Hosted Minemeld will reach end of life on 08/01/21. XSOAR Threat Intel Management offers more capabilities than MineMeld, and is a superior choice. Get more details from the datasheet.

 

Q: Can we still use the open-source version of MineMeld?

Yes. You still have access to the open-source version, but you will have to download & maintain the application yourself. Palo Alto Networks will not support this version, it will be managed by the open source community.

 

Q: When we upgrade to XSOAR Threat Intel Management, do we get access to AutoFocus?

Yes, XSOAR Threat Intel Management includes a single AutoFocus user license. Additional AutoFocus user licenses can be purchased if needed.

 

Q: I have heavy customization done on my MineMeld instance, does that get migrated to TIM?

Yes, custom MineMeld miners & prototypes can be migrated to Cortex XSOAR Threat Intel Management. Any custom miners & prototypes will need to be ported to XSOAR and our Professional Services team can help you with the process.

 

Q: Is XSOAR Threat Intel Management on-prem or cloud based?

XSOAR Threat Intel Management is available both on-prem and in the cloud.

 

Q: I have created Office 365 EDLs in my MineMeld environment, will those be migrated to XSOAR Threat Intel Management?

Yes. This capability is available out of the box with Cortex XSOAR pre-built playbooks and content packs.

 

Q: Is the limited time discount available for all types of deployments

No. The limited time discount is only available to existing AutoFocus customers who choose to migrate to Cortex XSOAR.

 

Q: What will I gain if we choose to migrate?

A lot!:

  • If you bought AutoFocus for MineMeld, it's a no-brainer. As you know, MineMeld is  not easy to configure and manage; Cortex XSOAR native intel management integration is way better. With more than 550+ third-party integrations, customization of indicators, intel-based automated playbooks, and easy management, the possibilities are endless.
  • Bonus play! AutoFocus threat feed will be available out of the box with Cortex XSOAR, you will get instant access to the high fidelity Palo Alto Networks threat intel and can converge it with internal incident alerts,
  • With the open and extensible Cortex XSOAR platform, AutoFocus users can easily upgrade (with zero impact) to enjoy enterprise-class automation and orchestration, real-time collaboration, and case management. 

 

We’re committed to providing expert support, migration assistance and the best possible experience as you transition from hosted MineMeld to your preferred option. Please contact your Palo Alto Networks sales representative if you have any questions or send an email to minemeldupgrade@paloaltonetworks if you need immediate assistance.

 

Best regards,

The Palo Alto Networks Team

 

19 Comments

Why almost all useful article and discussions in MineMeld sections are archived and showing this message?

L2 Linker

Yeah, there's a boat load of links out on the net that point back to Palo Alto, as a source of reference, and all we get is this stupid EoL message.  That's a really crappy thing to do to your user community, especially those who don't have the budget to migrate.

L2 Linker

Just a FYI: I found this service on the /r/paloaltonetworks subredit -which is a SaaS based EDL manager that works like Minemeld for $150/yr.  

 

https://www.edlmanager.com/

 

Works great, and they have lots of ready to use templates of all the major cloud providers.  

L0 Member

For those who were using MineMeld exclusively for creating O365 EDLs, Palo Alto is now publishing those through EDL Hosting Service. 
EDL Hosting Service (paloaltonetworks.com)

L2 Linker

Bruce,  I appreciate that immensely, however, the firm I work for doesn't like relying on outside vendors anymore than we have to.  Besides, Palo Alto doesn't have to redirect every stinking useful link to the EoL message.  That shows very little respect for their customer base.  

L2 Linker

I wonder if they're going to offer something for Azure?

@bwsaloum,

 

It looks like the Wayback Machine can be used to restore some of the articles. I was able to restore the guide for installing MineMeld in docker - http://web.archive.org/web/*/https://live.paloaltonetworks.com/t5/minemeld-articles/running-minemeld...

 

The limitation is that you need to have the link to the original artical, but I was dumb enough to not save any bookmarks... If you have any you can try if there is copy in the wayback machine.

L0 Member

Last version of this article can be found in https://web.archive.org/web/20210123122437/https://live.paloaltonetworks.com/t5/MineMeld-Articles/Pa...

 

By the way, the link to open-source instance of minemeld follows you to the page of PaloAlto supported Tools but Minemeld is not on anymore, so...

L2 Linker

awesome.....

I just discovered that this minemeld community page been canned when landing here.

 

The Option 3 links above show old link (https://live.paloaltonetworks.com/t5/minemeld/ct-p/MineMeld) and contrary to what is being said it looks absolutely chopped and redirecting.

Disappointing. 

 

I guess their Github page would be the only details on open source projects that palo supporting and repositories relating to minemeld? (https://github.com/orgs/PaloAltoNetworks/repositories?q=minemeld&type=all&language=&sort=).

 

No updates to minemeld-docker though since Feb 2020 though?

Paul_Stinson_0-1641953809861.png

I assume if no further updates to the docker image ( thinking of all the lovely vulnerabilities possibly building up there ) that you need to move to a build from source code option instead.

 

Paul_Stinson_1-1641954041295.png

Only main core looks reasonably updated however....so suspecting this project will eventually die without more community dev efforts.

 

Paul_Stinson_2-1641954117168.pngPaul_Stinson_3-1641954141493.png

 

 

L7 Applicator

@Paul_Stinson and others who are having issues with Option 3.. an Open Source version of MineMeld.. 

Please use the new link I just changed.. which is this:

https://github.com/PaloAltoNetworks/minemeld/wiki

 

I hope this helps

L2 Linker

Many thanks! @jdelio 

L2 Linker

@jdelio 

Looks like the open source route is pretty much dead for Minemeld as well. Wiki Page has links back to palo Alto site within it and doesn't mention docker path for getting software running (from what i could see)

 

We use the Docker method here as I had issues with the Ansible path after only a few months use with package dependencies issues when patching for security vulnerabilities,  but know that docker image has numerous security vulnerabilities in it (that do not appear to be getting addressed).

 

Noted on Github Projects though, comments in each project indicate project been basically abandoned?

 

If following the ansible route you have the following

https://github.com/PaloAltoNetworks/minemeld-ansible/issues

https://github.com/PaloAltoNetworks/minemeld-ansible/issues/85 (this one specifically calls out some of the issues with current build especially the python2 and not keeping current with certain packages).

 

Docker Project also shows no real change in months and mentions the vulnerabilities around ubuntu base OS and config issues.

 

Paul_Stinson_0-1642128060097.png

 

Since there is no main page on Palo Alto LIVECommunity site anymore or any of the historical data, people would be missing the wealth of information that was posted here along with solutions to common problems that have been seen. It would have been nice to leave it up at least as an Archive with clear notes that they project is NO longer being maintained and direct people to your paid products as this is where work is actively being done. 

 

This application will keep working obviously for the moment but people will need to look to alternatives for EDL threat collation and publish options or roll something themselves to solve the issue if they do not have budget for something like Cortex XSOAR.

 

I doubt many small to medium business places will be placing more budget on the Cortex XSOAR as a replacement unless they already have an investment in other Palo Alto Cloud offerings. I know our company has just removed Cortex Traps for example as a budget saving option ( despite the numerous improvements we have noted over the past 2-3years). 

 

@jdelio many thanks though for updating my original post. I've bookmarked the github projects for now and will keep an eye on any progress there if it is still being worked on. 

 

** I would also like to say I'm not a developer so I have not personally contributed to the github project but I did keep an eye on the LIVEcommunity landing page and posts that was placed here in the past.

I am appreciative of what was a god send to us engineers to collate easily numerous sources of information whether for block or allow lists while de-duping and outputting data in format we wanted it to be ingested in.

 

L4 Transporter

Xsoar seems like a much bigger system than Minemeld or Autofocus.  A simple list aggregator and EDL formatter is all i need.

L1 Bithead

Hello

 

what do you think about the use of EDL prepared by Palo Alto for the major SaaS providers ?

 

https://docs.paloaltonetworks.com/resources/edl-hosting-service

 

is there someone already using it since few months ?

Hi @Farouk.Kahoul ,

I haven't yet migrate all of our EDLs, but we already use a few EDLs and I would say they work flawlessly.

Cyber Elite
Cyber Elite

Hi @jdelio ,

 

The go.paloaltonetworks.com/minemeld links in the 1st 2 URLs and the MineMeld Live Community Page in the 3rd URL do not work anymore.

 

https://github.com/PaloAltoNetworks/minemeld

https://github.com/PaloAltoNetworks/minemeld/wiki/User's-Guide

https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld

 

I thought they used to point to a Live Community page for MineMeld, which was very cool.  Do you know what happened to it?

 

Thanks,

 

Tom

L2 Linker
Yeah they turfed it a while back....older posts are in the general live community if you search for minemeld. We posted a few things a while back and someone fixed up the github page to have some correct links and info as it was just totally chopped one day....
They promote their commercial product on site now rather than minemeld which also hasn't really had any changes to it since 2years ago.
I personally run the docker version as this is then containerized and isolated on my network (to prevent vulnerabilities being exploited from local network) and does the job we want for the moment.
A lot of EDL's are up on their site now that you can consume direct for free but it doesn't allow for de-aggregation for example if you have several threat feeds or some custom intelligence that you want to scrape.
Their commercial product = https://www.paloaltonetworks.com/cortex/threat-intel-management
Looks good but would need to convince some people that ROI is worth it over our current needs.....
Cyber Elite
Cyber Elite

Hi @Paul_Stinson ,

 

Thank you for the info!  I wonder if they want the URLs to point to the generic Live Community page?  I am disappointed the MineMeld community page was removed.  The Live Community is a great support system.

 

Thanks,

 

Tom

Cyber Elite
Cyber Elite

Hi all,

 

I recently heard from a PANW source that development has ceased on MineMeld, and they want users to migrate to Cortex XSOAR TIM.  While I applaud the decision because it means more features, it ain't gonna happen without a plan.

 

There is no plan now.  With the price of the new product, existing and even new users will still spin up MineMeld for years and years to come.  The phasing out of community support will only add more frustration, but not enough to make the move.

 

A good plan would be as follows:

 

  1. Lift the restrictions on Cortex XSOAR Community Edition with regard to active feeds and indicators per feed so that all current MineMeld users will get an equivalent (as much as possible) free product.  https://start.paloaltonetworks.com/rs/531-OCS-018/images/Cortex_XSOAR_Community_Edition_FAQ.pdf
  2. Make the strategy clear on the current MineMeld URLs and link then to the Cortex XSOAR community page.  https://live.paloaltonetworks.com/t5/cortex-xsoar/ct-p/Cortex_XSOAR
  3. Promote easy, free migration tools to move users from MineMeld to XSOAR TIM.

Hopefully, all the MineMeld users will move to XSOAR TIM.  Some customers will be very happy to use the community edition.  Others will make the move to the paid version for additional features.  The XSOAR TIM user base will increase.  I see this as a win/win.

 

Thanks,

 

Tom

  • 47965 Views
  • 19 comments
  • 1 Likes
Register or Sign-in
Labels