05-10-2016 09:58 PM
05-23-2016 09:16 PM
Hi Scotty,
I could easily add support for the those additional indicator types, if you could send me an email we can talk about the detailed requirements. My email is lmori@paloaltonetworks.com
Thanks,
luigi
05-25-2016 08:02 AM
For the posterity: client certificates are supported in TAXII miner since MM version 0.9.12
06-02-2016 07:50 PM
Hey Luigi,
Is there anyway for the inital poll to be for a longer historic period?
It just does an hour prior to current time.
So the last year or two of data is not pulled in - becuse the begin and end timestamp is only the previous hour to when the job was run.
Cheers,
SCotty
06-03-2016 12:23 AM
Not yet, but it is a while I wanted to expose it to the config.
ER minemeld-core #18 has been created to track this, it should make into the next minor release.
06-07-2016 07:44 AM
This has been implemented in MineMeld v0.9.14 (minemeld-core ER #18)
07-05-2016 06:42 PM
Hey Luigi,
Has the deployment changed on vmware? I was trying to do a fresh deployment and can't get it to play ball today.
I was working from this https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-VMWare-desktop/ta-p/72038
using the 0.9.4 iso and it bombs out during the install after initial login with nothing in the autoupdate log to tell me what went wrong.
I've used this method probably half a dozen times in the last few months with out issue - but its failed 3 times in a row today?
Cheers,
Scotty
07-05-2016 11:08 PM
Hi ScottyAU,
I have just retested it and works in my environment.
Please, could you take a look at the contents of the file /var/log/cloud-config-output.log ?
Thanks,
luigi
07-06-2016 04:39 PM - edited 07-06-2016 04:42 PM
Hey Luigi,
Looks reasonably ok in there - only 1 error around:
Errors were encountered while processing:
libksi0
libksi1
All of the minemeld stuff comes down ok looking at the log, but hitting the box on 443 gives me a 404 from nginix.
Looking in /opt/minemeld/www/ that directory is empty - which is what is casuing the 404 (no /current/index.html or anything else).
Cheers!
07-06-2016 04:52 PM - edited 07-06-2016 04:59 PM
So after fixing the host with an apt-get install -f (which removes libksi0 and keeps libksi1) i tried a manual reinstall of all the minemeld lib debs listed in the log.
I then get this:
Selecting previously unselected package libksi0.
dpkg: regarding libksi0_3.2.2.0-0adiscon3trusty1_amd64.deb containing libksi0:
libksi0 breaks libksi1
libksi1 (version 3.4.0.5.adiscon1-0adiscon1trusty1) is present and installed.
Not sure if this *the* problem or just *a* problem. If i pick adiscon based on libksi1 and go with that (remove libksi0 and the adiscon based on it), and then grab and install https://s3-us-west-2.amazonaws.com/minemeld/minemeld_0.9.4_amd64.deb
I get no errors - but still nothing under /opt/minemeld/www/
I think there should be a symlink for current in there? (and /engine and /prototype)?
Scotty
07-06-2016 11:27 PM
Hi ScottyAU,
please could you unicast me the cloud-config-output.log file ?
Thanks !
luigi
07-07-2016 08:42 PM
Emailed - thanks mate.
07-18-2016 10:14 PM
Hey Luigi,
Did that log give you any leads as to the issue?
Cheers,
Scotty
02-07-2017 12:51 PM
I am trying to implement a feed using (Stix and Taxii) and I am having a hard time pulling the feeds. I used a prototype for taxii as an example. And I am still retrieving an error. I have included the password and username in the node config but once again I am still receiving an error.
02-08-2017 06:39 AM
Hi @pjames_ucla,
would you mind sending me the minemeld-engine.log file over at lmori@paloaltonetworks.com ?
I would like to take a look at the error. Or we can set up a webmeeting to troubleshoot it.
Thanks,
luigi
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
