Minemeld Azure

L1 Bithead


Hello,

I have a use case in which I need to create a custom miner for Azure, but only mine for uswest and uswest2 regions. Is this possible?

Thanks in advance


Accepted Solutions
L1 Bithead

After some help I was able to get this going.

1. I used the miner prototype azure.cloudIPs to begin.

2. Created a new processor from stdlib.aggregatorIPv4Generic.

3. Modified the new processor config to filter (infilter) which Azure regions I needed (in my case uswest and uswest2). I posted code at the bottom of this post.

4. Built an output node using prototype stdlib.feedHCGreenWithValue.

5. Connected the miner to the modified processor, then to the output.

Currently the miner has 2595 indicators, but after going through the processor the output node has 326. I crosschecked against the Azure XML file and it is correct.

Code is below

uswest.PNG


All Replies
Cyber Elite

@AustinEngelmann 

Microsoft publishes this via a standard JSON file https://www.microsoft.com/en-us/download/details.aspx?id=56519 that gets updated weekly. With the help of some parsing you could create a custom miner that takes the information in via the MineMeld API and script it rather easily.

L1 Bithead

Any good documentation on how to do this? I am weak in scripting. Thank you for your help.

Cyber Elite

@AustinEngelmann,

I don't have an example off hand, but it looks like you should be able to parse the response relatively easily as they all have the "region" attribute you can filter on. There are plenty of examples on parsing JSON in Python and similar languages online. 

L1 Bithead

age_out:
  default: null
  interval: 257
  sudden_death: true
attributes:
  share_level: green
infilters:
- actions:
  - accept
  conditions:
  - __method == 'withdraw'
  name: accept withdraws
- actions:
  - accept
  conditions:
  - type == 'IPv4'
  - Region Name == 'uswest'
- actions:
  - accept
  conditions:
  - type == 'IPv4'
  - Region Name == 'uswest2'
- actions:
  - drop
  name: drop all


The above doesn't seem to work, although I'm trying to follow ->https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Filtering-Azure-IP-ranges-based-on-a-subse...

Any help is appreciated, I've broken my Minemeld twice in two days now.

 

Thanks
