- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-19-2016 10:10 PM - last edited on 07-20-2016 10:34 AM by Retired Member
Is there anyone able to share on how to configure minemeld nodes to automate resolving/capturing the “*.google.com.*” dynamic IP address, so I could integrate with palo alto networks dynamic Block list feature to identify most of the google.com IP addresses.
I saw google.GCENetblocks and google.netBlocks in minemeld, but wondering if this cover “*.google.com.*”. I will wish to know how to add a customize minemeld node on youtude if possible. For example on http/https “*.youtube.com.*”.
Your help is very much appreciated. Thanks a lot.
07-20-2016 05:10 AM - last edited on 07-20-2016 10:34 AM by Retired Member
Hi,
google.netBlocks and google.GCENetBlocks retrieve the list of IP addresses used by Google services and Google GCE using DNS queries. Ref:
https://support.google.com/a/answer/60764?hl=en
https://cloud.google.com/compute/docs/faq#where_can_i_find_short_product_name_ip_ranges
Is this your goal ?
Thanks,
luigi
08-02-2016 12:29 AM
Hi luigi,
Thanks for the information, yes this is on google. But how about Youtube.com, anyway we can set up a node on Youtube.com global list in the ProtoType?
Please let me know if this is possible in the minemeld.
Thanks
Darren Koh
+65 91790713
08-02-2016 04:39 AM
Hi Darren,
I haven't found a way to obtain all the IPs used by Youtube. Wouldn't be better to control access using App-ID ? Or you need IPs ?
08-08-2016 02:36 AM
Hi Luigi,
Customer would want to use PBF policy to route all Youtube Taffic to direct traffic to a specific Egress interface on the firewall.
The problem is our PBF policy dont have all APP-ID signature in it, such as Youtube, Facebook and etc.
Thanks
Darren Koh
08-10-2016 05:47 AM
Hi Darren,
understood. The problem is I can't find a good way to isolate the IPs used by Youtube from those used by other Google Services.
Do you have an idea on how to do that ?
Thanks,
Luigi
08-10-2016 11:58 PM
Hi Luigi,
I got a solution on this but it is a bit of work to do, we were need to create a new miner and proyotype as shown below:
https://github.com/PaloAltoNetworks/minemeld/wiki/How-To-Write-a-Simple-Miner#the-prototype
Hope this make sense to you.
Thanks
Darren koh
08-12-2016 07:41 AM
Hi Darren,
writing a Miner would be definitely possible, but the example shown in the github doc is for retrieving a list of URLs associated with a YouTube channel. You can't use those in a PBF. Would a list of URLs be enough ?
Luigi
08-31-2016 08:09 PM
Hi Luigi,
URLs will not be enough i was thinking of creating a miner/prototype to indicate all the youtube.com IP address in the miner to to make the Dynamic list works better. you have any insight on how this can works?
Thanks
Darren koh
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!