Microsoft Azure Datacenter IP Ranges

Showing results for 
Search instead for 
Did you mean: 

Microsoft Azure Datacenter IP Ranges

L1 Bithead

Hi Luigi,


One of my customers needs to allow traffic to Microsoft Azure Datacenter IP Ranges for Microsoft Power Bi. Any plans to add a miner for it?

The URL source is

The file is in XML format

I tried to create a new prototype but I couldn't find an XML class. Are you planning to add it?




L7 Applicator

Hi Mauricio,

there is no Miner for Azure IP Ranges yet, but it will be easy to add. It will be added for the next minor release, sometime next week.

I have created minemeld-core enhancement #14 to track this.


I have also created enhancement #15 and #16 to track development of Miner for GCE and Google IP ranges.


did you solve your issue? i also need to import azure ip range to palo.

thank you in advance

Yes, Miners for GCE, Google IPs and Azure are now available in MineMeld.



I can see the prototype for the azure ranges on the Github page. But how do I go about adding it into my minemeld config? Total rookie here.



Hi @El-ahrairah,

just go to CONFIG, press IMPORT and copy & paste the following. Click on APPEND and then COMMIT. After the COMMIT you will find a new output node under NODES called azureIPv4s with the list of IPs used by Azure.



    inputs: []
    output: true
    prototype: azure.cloudIPs
      - azure_cloudIPs
    output: true
    prototype: stdlib.aggregatorIPv4Generic
      - cloud_IPv4s
    output: false
    prototype: stdlib.feedHCWithValue


L1 Bithead



Right now, there's only one miner for all Azure Datacenter IPs -- there's an opportunity to split by region (e.g. USWest, USEast, etc) so that Minemeld users can more granularly select what IPs they want.


Is there any thought to expanding out the miner definitions so that there's one per region?





@michaelseto : The azure miner attachs the azure_region attribute to the indicators. You can see it in the miner logs.

    "_age_out": 4294967295000,
    "confidence": 100,
    "azure_region": "uksouth",
    "share_level": "green",
    "_last_run": 1507016882946,
    "sources": [
    "first_seen": 1507016882946,
    "type": "IPv4",
    "last_seen": 1507016882946

That means that you can use the output node input filter capabilities to accept/drop indicators based on that indicator's attribute value. For instance, the following 'infilters' configuration would only accept indicators for the region 'uksouth'


-   actions:
    - accept
    - __method == 'withdraw'
    name: accept withdraws
-   actions:
    - accept
    - azure_region == 'uksouth'
    - share_level == 'green'
    name: accept azure IP for region uksouth
-   actions:
    - drop
    name: drop all

Ah thank you @xhoms.


Your solution is more elegant than my own.


I ended up modifying some of the python (/opt/minemeld/engine/core/minemeld/ft/ and creating new miner prototypes per region.


At least I learned something? haha.



Hi @michaelseto,

nice ! could you send us a pull request on the github repo ?



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!