Hi again, after good feedback received on the first post on MineMeld architecture and hardening I wrote a new post on how I built the foundation of near-real-time integration of MineMeld with our Information Security Operation Center (i-SOC) custom S...
Hello All, Based on @lmori's great guide for doing a manual install of Minemeld on Ubuntu 14.04, I have taken his configurations and wrapped them in a Vagrantfile for easy foolproof deployment of Minemeld. It's a simple 3 step process: Install latest...
I am getting the below ERROR when installing on Ubuntu 16.04 using the instructions on the below SITE. The URL's that are referenced api.nodesecurity.io do not resolve to an address which seems to be the issue, does anyone know how I can continue thi...
I have a different sort of thought and could use some help figuring out if mm can do this. Essentially I would like to feed in a list of ip addresses and then if there is a match against any blacklist to throw it to an output. The idea here is to lis...
Hello, I created a custom taxii client node type using cabby. But I get an ssl certificate error. I'm behind a proxy. When I run a test py using cabby, everthing works fine. But the node shows error. As you can see, I've set verify_ssl=False. Could a...
When I attemt to commit changes to Minemeld that include outputs using data from a local DB. Does anyone have any insight into what the Bad Gateway error signifies? I have attached a screenshot of the error message I am receiving.
Hello I'm trying to create a mine meld feed that will somehow download and read an XML file (or just read and xml) which contains a list of Azure datacenter IP addresses , which I can use to apply to my PAN firewall. Any help/direction is appreciated...
Hi, I'm fairly new to Minemeld so trying to figure out a few things I seem to be stuck on. We currently pull Office365 URLs into Panorama as an EDL and I am trying to append a \ to the end of every URL in the EDL within Minemeld. I went over the docu...
Hi, I've just setup MineMeld (MindMelt ;-)) in my environment. The installation (XenServer/Ubuntu/MineMeld) and configuration was quite straightforward and easy. Then I have configured the Office 365 lists and connected them on th PaloAlto Firewall. ...
Hi dear community, I just implemented MineMeld server and configured EDLs and test policies. For the MineMeld I used "o365-api-any-any.txt" from https://paloaltonetworks.app.box.com/s/ywkh7rc2rj0kyl0qetr6m6ag3akxvvx6/folder/51988433336. Does anybody ...
I'm trying to append o365-api-any-any.txt to my existing config. The top 5 miners are displaying a red x thus I can't append them. If I remove them I can append however then I can't commit as they're missing. What am I doing wrong? Sorry, new to mine...
Just started going through the new miners and looking over docs, we are not in production on our deployment for O365 yet. I understand there are app-Id's that would catch most of these, but I noticed that the URL Minemeld feed for the "any-any" versi...
I have set up the feeds, and the EDLs and added the EDLs into a policy. Whenk I run the command in the CLI "request system external-list show type url name o365-URLs", I retrieve the list in the PA firewall, and the list there matches the list in Min...
Hi I've had 100% CPU usage from the celery-worker processes for a few weeks now, I spent some time trying to resolve this but without resolution. I'm using a standard Ubuntu 14 appliance build. The issue is a looping of emerging threats downloading, ...
I'm using minemeld to pull the O365 urls into my PAN. I get a list that has entries like*.domain.comsub.domain1.com I need to import those entries and rewrite them so they look like*.domain.com/domain.com/*.sub.domain1.com/sub.domain1.com/ Any pointe...
I'm trying to build a new Minemeld box on a fresh install of Ubuntu 16.04 (also tried Centos too) and wehn I run the ansible installer I get to a poin tthen the installer fails with this output, any ideas what's wrong? FWIW, I've tried installing as ...
I'm using a minemeld server to generate an external dynamic list for a PA-5220 runing version 8.1.4. The dynamic URL list exceeds the 50,000 entry limit. I've seen other posts recommending to use URL parameters to limit the list to the first 50,000 a...
