06-28-2017 11:06 AM
Hello,
I am currently in the process of moving our threat feeds into MineMeld.
One of our providers is Recorded Future, which I have enabled as a node, and set the API access key.
When I go to run the node, it gives me a 401 client Error: Unauthorized.
Naturally, I checked if the API key was incorrect, but I am still able to manually grab the feeds I need from Recorded Future using the API key, so that is not the issue.
Am I missing something in the setup, or is this an issue with MineMeld?
Also, the prototype in MineMeld seems to only grab the IPlist from Recorded Future; how would one go about grabbing other feeds from Recorded Future?
Thanks for your time and this excellent product.
Jonas
07-07-2017 06:45 AM
Hi Luigi,
Yes, it is working for me now as well. Sorry, but I do not remember exactly what the issue was, but it was on our end, not MineMeld's :).
Also, I want to add more lists from Recorded Future in MineMeld, such as domainrisklist.
I am currently building a new class in recordedfuture.py that should be able to ingest Domain risklist as well.
I have also talked to Recorded Future, and they mentioned that version 1 of their API will be deprecated soon, and suggested upgrading to v2 of their API. Based on the code I see, the class IPRiskList still uses v1, is that correct?
Thank you for your time and help,
Jonas
07-10-2017 10:11 AM
Hi @JonasE,
Thank you for your message, I will talk with RF to add support for APIv2 and more feeds. If you would like to work on it and contribute it back, that would be awesome!
luigi
07-11-2017 01:45 PM
Hey Luigi,
Yes, I am currently writing a DomainLists class and implementing it using HTTP requests and v2 of Recorded Future's API.
I will also update the IPRisklist with the new Request call, so that everything is up to date. If everything goes according to plan, I should be pushing the commit by the end of the week.
If I have any questions about the way the class is structured, what's the best way to contact you? Through the forum?
Have a nice day,
Jonas
07-12-2017 06:02 AM
Hi @JonasE,
You can:
- ping me over the PAN Community Slack team (http://pan-community.net/) channel #minemeld
- create an issue on the GitHub repo (https://github.com/PaloAltoNetworks/minemeld-core)
- email me at lmori@paloaltonetworks.com
Thanks!
luigi