on 02-03-2016 02:00 AM
The simple default config included in the MineMeld VM creates a graph that processes IPv4 indicators for inbound connections, typically used to filter out scanning hosts or well-known brute-force attackers. For IPv4 indicators of outbound connections we can define a new sub-graph with its own set of output feeds. This new set of feeds can then be used in the destination part of PAN-OS security policies.
1. Under CONFIG press +. Configure a new node with prototype stdlib.aggregatorIPv4Outbound and Output enabled.
2. Under CONFIG add 3 new nodes (HC, MC and LC) for the output feeds and select the node created at point 1 as Input.
   - First node with stdlib.feedHCGreenWithValue as prototype
   - Second node with stdlib.feedMCGreenWithValue as prototype
   - Third node with stdlib.feedMCGreenWithValue as prototype
3. Under CONFIG add a new Miner generating IPv4 outbound indicators, like zeustracker.badips. Output should be enabled.
4. Under CONFIG, click on the INPUTS field of the node created at step 1 and add the Miner.
5. Check the resulting config and press COMMIT.
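The same sub-graph written out as the nodes section of MineMeld's committed-config.yml, as an added example that is not part of the original post. The node names (zeustracker_badips, aggregatorIPv4Outbound, outboundfeedhc/mc/lc) are assumed, and the LC node uses stdlib.feedLCGreenWithValue, which is assumed to be the low-confidence counterpart of the HC/MC prototypes named above.

```yaml
# Added example (not from the original post): the outbound sub-graph from the
# steps above as the "nodes" section of MineMeld's committed-config.yml.
# Node names are assumed; prototypes are the ones named in the post.
nodes:
  # Step 3: miner producing IPv4 outbound indicators (node name is assumed)
  zeustracker_badips:
    inputs: []
    output: true
    prototype: zeustracker.badips

  # Step 1 + step 4: outbound aggregator, fed by the miner, with Output enabled
  aggregatorIPv4Outbound:
    inputs:
      - zeustracker_badips
    output: true
    prototype: stdlib.aggregatorIPv4Outbound

  # Step 2: three feed nodes, each taking the aggregator as its only input.
  # Feed nodes are the end of the graph, so output stays false.
  outboundfeedhc:
    inputs:
      - aggregatorIPv4Outbound
    output: false
    prototype: stdlib.feedHCGreenWithValue

  outboundfeedmc:
    inputs:
      - aggregatorIPv4Outbound
    output: false
    prototype: stdlib.feedMCGreenWithValue

  # The post lists stdlib.feedMCGreenWithValue for the third (LC) node as well;
  # stdlib.feedLCGreenWithValue is assumed here to match the HC/MC naming.
  outboundfeedlc:
    inputs:
      - aggregatorIPv4Outbound
    output: false
    prototype: stdlib.feedLCGreenWithValue
```

Each feed node is served under /feeds/<node name> on the MineMeld host, which is the URL to reference from the External Dynamic List used in the destination part of the PAN-OS security policy.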
The resulting sub-graph should look like this: