- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-18-2020 07:18 AM
Good Morning All,
I am trying to configure our minemeld system to use the new FS-ISAC STIX/TAXII feed but its giving me issues. Has anyone successfully configured Minemeld to pull information from FS-ISAC recently? I added a sample of the config settings that I am using and a screenshot of the error message.
Config Settings
age_out:
default: last_seen+30d
sudden_death: false
attributes:
confidence: 50
share_level: green
collection: <feedname>
discovery_service: <fs-isac discovery service>
Error Message
<urlopen error [SSL: TLSV1_ALERT_INTERNAL_ERROR] TLSV1 ALERT INTERNAL ERROR (_SSL.C:726)>
06-19-2020 10:10 AM
Issue resolved by following the link below.
https://github.com/PaloAltoNetworks/minemeld-core/issues/371#issue-642113566
06-19-2020 10:10 AM
Issue resolved by following the link below.
https://github.com/PaloAltoNetworks/minemeld-core/issues/371#issue-642113566
06-24-2020 05:59 AM
I have improved the minemeld-taxii-ng extension to improve compatibility with FS-ISAC feeds. You can do this to configure your MineMeld for FS-ISAC:
Activate the extension
07-01-2020 07:45 AM
Hi Sir,
We are trying to integrate FS-ISAC threat feeds into Minemeld instance. In the 4th Step,you mentioned to restart the API. I did the same and got Bad Gateway error. I thought of logging out and logging in back again to see if that resolves the issue. However, after logging out of the instance, it is not allowing me to login back again. I am still getting Bad Gateway error. Requesting your quick help here as we have critical data in Minemeld and it is not working.
07-01-2020 08:39 AM
Could you check /opt/minemeld/log/minemeld-web.log for errors?
If you don't see anything and you want to quickly restore try this:
/opt/minemeld/engine/current/bin/pip uninstall minemeld_taxii_ng
and then restart the instance
07-01-2020 09:19 AM
I think the problem is that you are running a pretty old version of MineMeld (0.9.52.post1) and I didn't set the right constraint in the extension.
I would go ahead and uninstall minemeld-taxii-ng using my instructions above.
After upgrading your MineMeld version to a recent one, you will be able to use the extension.
07-01-2020 09:30 PM
sure, I will try that. Can you give me the instructions for upgrading the MineMeld
07-01-2020 10:01 PM
I am running ubuntu 14.04.5 LTS, do you suggest to upgrade that as well? if yes, to which version do you suggest to upgrade?
can you give me the instructions on how do I upgrade latest version of Minemeld on Compatible Ubuntu version?
07-02-2020 02:31 AM
While Trying to uninstall minemeld_taxii_ng, I got the below error.
ubuntu@ip-addresss:/opt/minemeld/engine/current/bin$ pip uninstall minemeld_taxii_ng
Cannot uninstall requirement minemeld-taxii-ng, not installed
Storing debug log for failure in /home/ubuntu/.pip/pip.log
Requesting your help to resolve the error
07-04-2020 08:11 AM
@lmori did you get a chance to look into this?
07-04-2020 08:23 AM
@lmori did you get a chance to look into this?
07-10-2020 07:38 AM
@SaiLakshmi I was not sure if your question about the Ubuntu OS version was answered. Minemeld works best on Ubuntu 16. Got it running on Ubuntu 16.04.6 LTS server with no problems at all.
12-08-2020 10:43 AM
@lmori , there seems to be a possible UI bug with this extension. Sometimes the NODE SETTINGS are not displayed in Chrome and this makes configuring the Username and Password fields impossible. Safari and FF do not seem to have the issue.
MM: 0.9.70
minemeld-taxii-ng: 0.2a4 but also in earlier releases
Chrome: 87.04280.88
FF: 82.03
macOS: 10.15.7
Thanks,
-Mike
05-21-2021 01:28 PM
I need help configuring this. We signed up and the doc they gave us has a Discovery Service, Collection Service, and Poll Serivce URL for TAXII 1.1, 2.0 and 2.1.
Which version do we use? When you say collection: <feedname> what do you put there, the collection service url beginning with https ? Or do you have to pick one of the TAXII1.x collection names (there are 11, 3 are not applicable though legacy,test,na).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!