Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-21-2017 07:23 AM
I'm looking to understand what are the available address feeds which can be consumed from Minemeld. Is there somewhere I can look this up, without installing it?
06-21-2017 07:37 AM
Hi @Brandon_Wertz,
feeds are added every months, a partial list is available here:
https://github.com/PaloAltoNetworks/minemeld/wiki/List-of-Supported-Nodes
Some of the Miners are generic and let you connect to feeds not listed there, like the TAXII Miner.
06-21-2017 08:05 AM
@lmori Thanks for the quick reply. So I see the list, and I just wanted to clarify something. I thought there were something like 140+ potential feeds to consume. I don't see nearly that much on the page.
So I was hoping you could clarify something for me.
I'm trying to use PBF rule in my PA, and wanted to use applications, but I'm not really seeing that many. Specifically ones like WebEx, Office365, SalesForce...Bigger named business SaaS apps.
My desire was to use PBF to policy based route these types of apps out a DIA connection. I had a meeting with my SE and he indicated that I should be able to use the apps, but also said using MineMeld would be a more assured way of ensuring the PBF rule worked as desired.
So my question is this. I see there's Office 365, but are there other SaaS apps which I could use MineMeld to use in a PBF rule if the PBF rule doesn't have a usable application?
06-21-2017 08:08 AM
Hi @Brandon_Wertz,
those you see on that web page are macro categories, to have a full detailed list of the 140+ feeds you have to check the prototype library of a MineMeld instance.
Currently there are SaaS feeds for O365 and AWS S3.
Luigi
06-21-2017 08:18 AM
@lmori wrote:
...to have a full detailed list of the 140+ feeds you have to check the prototype library of a MineMeld instance.
Currently there are SaaS feeds for O365 and AWS S3.
Luigi
So you'd have to load it to see what's in it? Would you happen to know if there's any plan to expand the collection of SaaS applications? (The larger ones? ... Webex is a great example)
06-21-2017 12:29 PM
For your example webex you could make a simple whitelist miner for domains and for ip addresses based on the data here:
https://cisco-support.webex.com/guest/articles/en_US/Usability_FAQs/WBX264/myr=false
06-22-2017 09:22 AM
AWS, O365, Azure are all low hanging fruits because they publish their ranges and URLs in machine readable format. We could build a miner to parse HTML and PDF files to extract the ranges, the problem is when the vendor decides to change the format of the HTML page or of the PDF file. More vendor should start publishing their ranges to make security admins life easier 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
