Automate Minemeld .lst entries

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Automate Minemeld .lst entries

L1 Bithead

Needing Automation.  Our Security analysts often send an email with URL(s), IP(s) that need to be Allowed/Blocked.  We have experimented with EDL and Minemeld and are successfully using each.  We are going to consolidate to using only Minemeld for these requests.


We would like to automate it, so that the initial request can easily be approved and implemented without our (Implementation) team's involvement.

Is anyone already using a simple system to accept URL/IP entries that runs the python script (  We could tie it into Servicenow or maybe use a simple webpage? 


Appreciate any thoughts!


L2 Linker

@Timotheous ,


Thanks for your question!


As I'm sure you're aware, Minemeld is an open-source solution that is available to anyone who wants to run it. Due to it's open-source nature, there is no official support for it. I think it's best to look at your requirement(s) and determine whether it makes sense to build something on your own, or look at other methods/solutions to achieve the desired outcome.


That said, there are a couple of things that I'd recommend you take a look at:


1. Demisto - Palo Alto Networks acquired Demisto earlier this year and the product is a comprehensive Security Orchestration, Automation, and Response (SOAR) solution. Demisto has an incredibly vast ecosystem of products that it integrates with including Palo Alto Networks Next-Generation Firewall, Minemeld, and ServiceNow. You can create "playbooks" to automate SOC processes and standardize workflows. There's a "community edition" as well as an "enterprise edition". The community edition is supported through the Demisto community - the enterprise edition:


This link will allow you to view the Demisto Data Sheet:

Demisto Data Sheet 


2. Palo Alto Networks AutoFocus is an officially supported threat intelligence platform that provides access to Palo Alto Networks' massive repository of threat intelligence and is consumable as a feed very similar in nature to Minemeld. There's an option for an AutoFocus-hosted version of Minemeld that removes the need for you to operate and maintain a locally hosted version of Minemeld.


This link will allow you to access the AutoFocus Data Sheet:


AutoFocus Data Sheet


Additionally, this is a link to information on the AutoFocus-hosted version of Minemeld - a chapter within the AutoFocus Administrators Guide:


AutoFocus Hosted Minemeld


ServiceNow offers an integration with AutoFocus:


ServiceNow Store: Palo Alto Networks AutoFocus for Security Operations


ServiceNow: Palo Alto Networks - AutoFocus Integration Overview


And here are details on how to configure the ServiceNow integration with AutoFocus:


ServiceNow: Activate and Configure Palo Alto Networks AutoFocus Integration


Please let me know if you have any additional questions.


Thanks for your interest in Palo Alto Networks!




Jeff Hochberg | Senior Solutions Engineer - Product Partnerships

Palo Alto Networks | Atlanta, GA |  USA


The content of this message is the proprietary and confidential property of Palo Alto Networks and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by reply e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!