This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Bulk submission support using Web GUI? and CLI access to minemeld hosted in Autofocus?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Bulk submission support using Web GUI? and CLI access to minemeld hosted in Autofocus?

lgiancaterini
L2 Linker

‎04-19-2017 07:50 PM

I cannot see a way to do bulk submissions from the Web GUI that I know of so are there plans on having that capability in a future Minemeld release?

 

how to get CLI access to Minemeld hosted in Autofocus?

1 person had this problem.
0 Likes Likes
14 REPLIES 14

chirss
L3 Networker

‎04-20-2017 07:38 PM

What do you mean by bulk submissions?

0 Likes Likes

lgiancaterini
L2 Linker
In response to chirss

‎04-21-2017 05:42 AM

IP addresses, URL's, domains into a Minor.

0 Likes Likes

chirss
L3 Networker
In response to lgiancaterini

‎04-21-2017 07:34 AM

Put the list into a file on a web server and point a miner to it.

0 Likes Likes

lmori
L7 Applicator
In response to chirss

‎04-23-2017 11:48 PM

An alternative is defining 3 local Miners and push indicators to the Miner using MineMeld API.

0 Likes Likes

Kyle_Buffington
L1 Bithead
In response to lmori

‎06-13-2017 01:21 PM

I was looking for this same information. I need to add 632 IP addresses to my current running IPv4 Blacklist feed and doing this 1 at a time via the GUI is a PITA.  I like to put comments on my submissions so I will know what they are down the road. 

0 Likes Likes

lmori
L7 Applicator
In response to Kyle_Buffington

‎06-19-2017 05:38 AM

Hi @Kyle_Buffington,

I have created as script that can be used to synchronize a local list of IPs with a local Miner in MineMeld:

https://gist.github.com/jtschichold/95f3906566b18b50cf2e3e1a44f1e785

 

The script reads a list of IPs/URLs/domains from a local file and uses the MineMeld API to push or remove indicators from a remote stdlib.local* Miner in a MineMeld instances.

Kyle_Buffington
L1 Bithead
In response to lmori

‎06-19-2017 07:37 AM

Thank you for the script @lmori. Asking a peer for help because that is way out of my realm of how to use.  I basicaly login via the web gui and add a manual IP to our blacklist is the extent of my knowledge of MineMeld and scripting. 🙂 

0 Likes Likes

lmori
L7 Applicator
In response to Kyle_Buffington

‎06-20-2017 05:19 AM

Hi @Kyle_Buffington,

I just published an article about using the script:

https://live.paloaltonetworks.com/t5/MineMeld-Articles/Uploading-list-of-indicators-to-MineMeld/ta-p...

Kyle_Buffington
L1 Bithead
In response to lmori

‎06-23-2017 05:25 AM

Awesome! Thank you!

0 Likes Likes

Kyle_Buffington
L1 Bithead
In response to Kyle_Buffington

‎06-28-2017 12:25 PM

 Being able to add a Comment field in the script would be much appreciated Luigi.  I like to mark why I am blacklisting an IP and have record of what it was weeks later when I am looking at the IP Addresses as a reminder. Possible?

 

I am doing 632 comments manually right now in the GUI after running the script to add all those IP addresses to my Miner. 

0 Likes Likes

lmori
L7 Applicator
In response to Kyle_Buffington

‎06-29-2017 01:40 AM

Hi @Kyle_Buffington,

absolutely, that's something I wanted to add. About the syntax, would something like this work ?

# comment for indicator1
indicator1
# comment for indicator2
indicator2
...

Example

# Google Public DNS 1
8.8.8.8
# Google Public DNS 2
8.8.4.4

Kyle_Buffington
L1 Bithead
In response to lmori

‎06-29-2017 07:10 AM

@lmori Yes that works well I believe. 

0 Likes Likes

sbayrak
L0 Member
In response to lmori

‎05-13-2019 06:47 AM

Hi lmori

Palo Alto told me that it was impossible to push anything to MineMeld hosted in Autofocus by using MineMeld API

It could only be done with your own MineMeld instance hosted anywhere else, that's what they added... is that the case?

Cheers

0 Likes Likes

Hongji.Guo
L0 Member
In response to lmori

‎05-17-2019 09:50 AM

Hello lmori.

Where does your script install ?  on the minemeld host ? if yes, I need access to the CLI of minemeld which I don't have

Thanks

 

HJ

0 Likes Likes
  • 10327 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks