Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Adding a sub-graph for IPv4 outbound indicators

The simple, default config included in MineMeld VM creates a graph to process IPv4 indicators for inbound connections, typically used to filter out scanning hosts or well known brute force attackers. For IPv4 indicators for outbound connections we can define a new sub-graph with its own set of output feeds. These new set of feeds can then be used in the destination part of the PAN-OS security policies.

1. Adding an outbound IPv4 aggregator

Under CONFIG press +. Configure a new node with prototype stdlib.aggregatorIPv4Outbound and Output enabled.

Screen Shot 2016-01-04 at 15.53.35.png

2. Adding a set of feeds

Under CONFIG add 3 new nodes (HC, MC and LC) for the output feeds and select the node created at point 1 as Input.

First node with stdlib.feedHCGreenWithValue as prototype

Screen Shot 2016-01-04 at 15.54.17.png

Second node with stdlib.feedMCGreenWithValue as prototype

Screen Shot 2016-01-04 at 15.54.46.png

Third node with stdlib.feedMCGreenWithValue as prototype

Screen Shot 2016-01-04 at 15.55.31.png

3. Adding a Miner

Under CONFIG add a new Miner generating IPv4 outbound indicators, like zeustracker.badips. Output should be enabled.

Screen Shot 2016-01-04 at 15.55.53.png

4. Connecting the aggregator to the Miner

Under CONFIG, click on the INPUTS field of the node created at step 1 and add the Miner.

Screen Shot 2016-01-04 at 15.56.15.png

5. Commit

Check the resulting config and press COMMIT.

Screen Shot 2016-01-04 at 15.56.34.png

6. Check the sub-graph

The resulting sub-graph should look like this:

Screen Shot 2016-01-04 at 15.58.39.png

6172 Views
0 comments
1 Likes

Register or Sign-in