02-27-2018 12:32 PM - edited 02-27-2018 12:44 PM
Regarding DAGPusher Output node.
I don't mean to hit anyone with a firehose but I have several questions I'm having trouble finding the answers to regarding the DAGPusher Output node in MineMeld. It's my understanding this node will allow MineMeld to add IPs to a Dynamic Address Group object on a PA.
Is there any documentation for this module?
How is the desired Dynamic Address Group object on the target PA specified?
How is the vsys specified? When adding a new "handled device" vsys isn't listed but after adding there is a column for it.
Is there a minimum PA software version for this to work?
Can a PA API key be utilized instead of user password?
I'm doing some testing and can see where to add "handled devices"; however, as of yet I'm not seeing entries being pushed to my lab PA after providing the SSH credentials. I'm interested in the expected behavior of this module.
*EDIT*
After switching from FQDN for hostname to IPv4 address, I'm now seeing entries being pushed. It looks like it's pushing the IPs to the following tags by default:
"mmld_confidence_high"
"mmld_direction_unknown"
"mmld_pushed"
I'm assuming then I will need to modify the prototype to specify a different tag. Any info on what 'config/variables' I would need to set to change or add a different tag?
02-28-2018 09:55 AM
Hi @PA-User, I'm working on a new article describing all hidden secrets of the DAGPusher node. It will contain answers to all your questions.
02-28-2018 10:41 AM
I was hoping you'd chime in; you've been immensely helpful!
Is that something you were hoping to publish this week yet or is it still a work in progress?
02-28-2018 10:43 AM
I'm finishing it. It should be published this week.
02-28-2018 10:52 AM
Awesome! Looking forward to that. I've been managing DAG (Dynamic Address Group) objects in PA with some homebrew scripting up to now. Hoping to let MineMeld take over some of that.
I've got one more question to add if it's not too much trouble -- maybe you were already addressing this. Does the DAGPusher node remove IPs registered to a DAG that are no longer present because they have been removed from the list?
My experience has been that adding IPs to DAGs via API is super easy but then the care and feeding of syncing the lists takes a bit more scripting and verification. I'm curious whether DAGPusher removes IPs that have been removed from its list.
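The list-sync problem raised in the post above (registering is easy, clearing stale entries takes extra scripting), as an added example that is not part of the original thread and is not DAGPusher's code: it diffs a desired IP list against the IPs currently registered for a tag and builds a PAN-OS User-ID XML API `uid-message` with `register` and `unregister` sections. The sample addresses are constructed, the function names are hypothetical, and fetching the registered set and submitting the message are assumed to happen elsewhere.

```python
import ipaddress
import xml.etree.ElementTree as ET

def _norm(ips):
    # Validate and canonicalise; ip_address() raises ValueError on junk input.
    return {ipaddress.ip_address(ip.strip()) for ip in ips}

def plan_sync(desired, registered):
    """Diff the feed against the firewall: (to_register, to_unregister)."""
    want, have = _norm(desired), _norm(registered)
    order = lambda a: (a.version, int(a))
    return ([str(a) for a in sorted(want - have, key=order)],
            [str(a) for a in sorted(have - want, key=order)])

def build_uid_message(to_register, to_unregister, tag):
    """Build one User-ID XML API update; None when nothing changed."""
    if not to_register and not to_unregister:
        return None
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for section, ips in (("register", to_register), ("unregister", to_unregister)):
        if not ips:
            continue  # omit empty sections entirely
        node = ET.SubElement(payload, section)
        for ip in ips:
            entry = ET.SubElement(node, "entry", ip=ip)
            ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(root, encoding="unicode")

# Constructed sample data (documentation address ranges).
DESIRED = ["198.51.100.7", "203.0.113.10", "203.0.113.11"]   # current feed
REGISTERED = ["203.0.113.10", "192.0.2.55 "]                 # on the firewall
TAG = "mmld_pushed"                                          # tag named in the thread

if __name__ == "__main__":
    add, remove = plan_sync(DESIRED, REGISTERED)
    print(build_uid_message(add, remove, TAG))
```

Logging the two lists from `plan_sync` on every run gives the verification trail the post mentions: a sudden large `to_unregister` set usually means the feed fetch failed rather than that the indicators aged out.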
03-01-2018 11:37 AM
@PA-User, here it is https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-implement-a-poor-man-s-NAC-...
Appreciate any feedback.