07-28-2021 09:19 AM
We have a JSON file from the URL below which is updated weekly:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519
Ideally, we would like to pull a list of IPv4 IP addresses out from the section "name": "AzureIoTHub", which needs to be converted into EDL format by MineMeld. The list of IPs can then be referenced in the security policies in Palo Alto.
Does anyone know how to set up a customised prototype in MineMeld?
Thanks
08-16-2021 06:24 AM
Hi @Yongjie ,
What version of MineMeld are you running?
If you are running one of the later versions, you should be able to use the built-in miner for Azure IPs. In previous versions, MineMeld was mining an old URL that did not provide information on which service used each IP range. But the recent version (not sure since when) supports service tags.
- You should see the azure.cloudIPsWithServiceTags miner prototype
- You can clone it to create a miner that will mine the entire JSON file, and filter for the service you need on the output
- Using one of the standard output prototypes, create a new one and add a filter condition to accept only prefixes with the service tag of your choice.
Below is the example I am using to output only Azure CosmosDB.
```yaml
infilters:
  - actions:
      - accept
    conditions:
      - __method == 'withdraw'
    name: accept withdraws
  - actions:
      - accept
    conditions:
      - type == 'IPv4'
      - azure_system_service == 'AzureCosmosDB'
      - azure_region == 'westeurope'
    name: accept AzureCosmosDB IPv4
  - actions:
      - drop
    name: drop all
store_value: true
```
Note you can check the correct service name from the original JSON.
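An added example, not part of the original replies and not MineMeld code: a standalone check that lists the IPv4 prefixes for one service tag straight from the JSON, so the EDL that MineMeld publishes can be compared against the source file. It assumes the miner's `azure_system_service` and `azure_region` attributes correspond to the file's `properties.systemService` and `properties.region` fields; the function name and the sample data are constructed.

```python
import ipaddress
import json

# Constructed sample in the layout of the weekly Service Tags JSON
# (documentation-range prefixes, not real Azure addresses).
SAMPLE = json.loads("""
{
  "changeNumber": 1,
  "cloud": "Public",
  "values": [
    {"name": "AzureIoTHub", "properties": {"region": "", "systemService": "AzureIoTHub",
      "addressPrefixes": ["192.0.2.0/25", "198.51.100.16/28", "2001:db8:1::/48"]}},
    {"name": "AzureIoTHub.WestEurope", "properties": {"region": "westeurope", "systemService": "AzureIoTHub",
      "addressPrefixes": ["198.51.100.16/28", "2001:db8:1::/48"]}},
    {"name": "AzureCosmosDB.WestEurope", "properties": {"region": "westeurope", "systemService": "AzureCosmosDB",
      "addressPrefixes": ["203.0.113.0/26", "not-a-prefix"]}}
  ]
}
""")


def ipv4_prefixes(doc, service, region=None):
    """Return sorted, de-duplicated IPv4 prefixes for one service tag.

    region=None selects every entry of the service; a region string such as
    'westeurope' narrows it the way the azure_region condition does.
    """
    found = set()
    for entry in doc.get("values", []):
        props = entry.get("properties", {})
        if props.get("systemService") != service:
            continue
        if region is not None and props.get("region") != region:
            continue
        for raw in props.get("addressPrefixes", []):
            try:
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                continue  # skip malformed entries rather than feed them to an EDL
            if net.version == 4:
                found.add(net)
    return [str(n) for n in sorted(found)]


if __name__ == "__main__":
    print("\n".join(ipv4_prefixes(SAMPLE, "AzureIoTHub")))
```

To run it against the real file, replace `SAMPLE` with `json.load()` of the downloaded JSON and diff the printed list against the EDL output node.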