Minemeld Azure


L1 Bithead

Hello,

 

I have a use case in which I need to create a custom miner for Azure, but only mine for uswest and uswest2 regions. Is this possible?

Thanks in advance

Accepted Solutions

L1 Bithead

After some help I was able to get this going.

 

1. I used the miner prototype azure.cloudIPs to begin.

2. Created a new processor from stdlib.aggregatorIPv4Generic.

3. Modified the new processor config to filter (infilter) which Azure regions I needed (in my case uswest and uswest2). I posted code at the bottom of this post.

4. Built the output node using prototype stdlib.feedHCGreenWithValue.

5. Connected the miner to the modified processor, then to the output.

Currently the miner has 2595 indicators, but after going through the processor the output node has 326. I cross-checked against the Azure XML file and it is correct.

 

Code is below

uswest.PNG


5 REPLIES

Cyber Elite

@AustinEngelmann 

Microsoft publishes this via a standard JSON file https://www.microsoft.com/en-us/download/details.aspx?id=56519 that gets updated weekly. With the help of some parsing you could create a custom miner that takes the information in via the MineMeld API and script it rather easily.

Any good documentation on how to do this? I am weak in scripting. Thank you for your help.

 

@AustinEngelmann,

I don't have an example off hand, but it looks like you should be able to parse the response relatively easily as they all have the "region" attribute you can filter on. There are plenty of examples on parsing JSON in Python and similar languages online. 

age_out:
  default: null
  interval: 257
  sudden_death: true
attributes:
  share_level: green
infilters:
- actions:
  - accept
  conditions:
  - __method == 'withdraw'
  name: accept withdraws
- actions:
  - accept
  conditions:
  - type == 'IPv4'
  - Region Name == 'uswest'
- actions:
  - accept
  conditions:
  - type == 'IPv4'
  - Region Name == 'uswest2'
- actions:
  - drop
  name: drop all

 

 

 

 

The above doesn't seem to work, although I'm trying to follow -> https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Filtering-Azure-IP-ranges-based-on-a-subse...

Any help is appreciated, I've broken my MineMeld twice in two days now.

 

Thanks
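
The earlier reply suggests parsing Microsoft's JSON download and filtering on its "region" attribute. The following is an added example of that approach, not code from any poster in this thread or from MineMeld. It assumes the Service Tags layout (values[].properties.region and addressPrefixes); the function name, the sample region strings and the documentation-range prefixes are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like the Service Tags JSON download
# (assumed layout: values[].properties.region / addressPrefixes).
SAMPLE_SERVICE_TAGS = json.dumps({
    "changeNumber": 1,
    "cloud": "Public",
    "values": [
        {"name": "AzureCloud.westus", "properties": {
            "region": "westus",
            "addressPrefixes": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]}},
        {"name": "AzureCloud.westus2", "properties": {
            "region": "westus2",
            "addressPrefixes": ["198.51.100.0/24", "198.51.100.64/26"]}},
        {"name": "AzureCloud.eastus", "properties": {
            "region": "eastus",
            "addressPrefixes": ["203.0.113.0/24"]}},
        {"name": "AzureCloud", "properties": {
            "region": "",
            "addressPrefixes": ["192.0.2.0/25", "203.0.113.0/24"]}},
    ],
})


def ipv4_prefixes_for_regions(raw_json, regions):
    """Return sorted, collapsed IPv4 CIDRs whose tag region is in `regions`."""
    wanted = {r.lower() for r in regions}
    nets = []
    for tag in json.loads(raw_json).get("values", []):
        props = tag.get("properties", {})
        if props.get("region", "").lower() not in wanted:
            continue  # tags for other regions (or with an empty region) are skipped
        for prefix in props.get("addressPrefixes", []):
            try:
                net = ipaddress.ip_network(prefix, strict=False)
            except ValueError:
                continue  # ignore malformed entries instead of failing the whole feed
            if net.version == 4:  # same intent as the type == 'IPv4' filter condition
                nets.append(net)
    # collapse_addresses merges adjacent/overlapping ranges and removes duplicates
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for cidr in ipv4_prefixes_for_regions(SAMPLE_SERVICE_TAGS, ["westus", "westus2"]):
        print(cidr)
```

Run against the real download, pass whatever region strings that file uses. Because ranges are collapsed, the count of returned CIDRs can be lower than the raw number of matching prefixes when comparing against an output node.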
