Automate Minemeld .lst entries


L1 Bithead

Needing Automation.  Our Security analysts often send an email with URL(s), IP(s) that need to be Allowed/Blocked.  We have experimented with EDL and Minemeld and are successfully using each.  We are going to consolidate to using only Minemeld for these requests.

 

We would like to automate it, so that the initial request can easily be approved and implemented without our (Implementation) team's involvement.

Is anyone already using a simple system to accept URL/IP entries that runs the Python script (minemeld-sync.py)? We could tie it into ServiceNow or maybe use a simple webpage?

 

Appreciate any thoughts!

1 REPLY

L2 Linker

@Timotheous ,

 

Thanks for your question!

 

As I'm sure you're aware, Minemeld is an open-source solution that is available to anyone who wants to run it. Due to its open-source nature, there is no official support for it. I think it's best to look at your requirement(s) and determine whether it makes sense to build something on your own, or look at other methods/solutions to achieve the desired outcome.

 

That said, there are a couple of things that I'd recommend you take a look at:

 

1. Demisto - Palo Alto Networks acquired Demisto earlier this year and the product is a comprehensive Security Orchestration, Automation, and Response (SOAR) solution. Demisto has an incredibly vast ecosystem of products that it integrates with including Palo Alto Networks Next-Generation Firewall, Minemeld, and ServiceNow. You can create "playbooks" to automate SOC processes and standardize workflows. There's a "community edition" as well as an "enterprise edition". The community edition is supported through the Demisto community - the enterprise edition:

 

This link will allow you to view the Demisto Data Sheet:

Demisto Data Sheet 

 

2. Palo Alto Networks AutoFocus is an officially supported threat intelligence platform that provides access to Palo Alto Networks' massive repository of threat intelligence and is consumable as a feed very similar in nature to Minemeld. There's an option for an AutoFocus-hosted version of Minemeld that removes the need for you to operate and maintain a locally hosted version of Minemeld.

 

This link will allow you to access the AutoFocus Data Sheet:

 

AutoFocus Data Sheet

 

Additionally, this is a link to information on the AutoFocus-hosted version of Minemeld - a chapter within the AutoFocus Administrators Guide:

 

AutoFocus Hosted Minemeld

 

ServiceNow offers an integration with AutoFocus:

 

ServiceNow Store: Palo Alto Networks AutoFocus for Security Operations

 

ServiceNow: Palo Alto Networks - AutoFocus Integration Overview

 

And here are details on how to configure the ServiceNow integration with AutoFocus:

 

ServiceNow: Activate and Configure Palo Alto Networks AutoFocus Integration

 

Please let me know if you have any additional questions.

 

Thanks for your interest in Palo Alto Networks!

 

-JeffH

 

Jeff Hochberg | Senior Solutions Engineer - Product Partnerships

Palo Alto Networks | Atlanta, GA |  USA

 

The content of this message is the proprietary and confidential property of Palo Alto Networks and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by reply e-mail. Any unauthorized use or distribution of the content of this message is prohibited.
