MineMeld Discussions
About MineMeld Discussions

Welcome to the MineMeld discussion forum. Please feel free to ask questions and engage with other community members. Ideas, questions, research, and observations regarding MineMeld are all actively encouraged.

Note: Participation in the discussion forum requires a Live Community account. Registration is free and easy! Simply click here to sign up.

Forum Posts

Deploying Minemeld Using Vagrant and Virtualbox

Hello All, Based on @lmori's great guide for doing a manual install of Minemeld on Ubuntu 14.04, I have taken his configurations and wrapped them in a Vagrantfile for easy foolproof deployment of Minemeld. It's a simple 3 step process: Install latest...

nbilal by L3 Networker
  • 10146 Views
  • 2 replies
  • 9 Likes

Updating MineMeld

Hi Guys, I am running 0.9.48 and want to get to 0.9.50+ to utilise the latest Office365 feeds. I have checked the old method and I don't have the auto update utility installed: /usr/sbin/minemeld-auto-update. If I try this method as suggested sudo add-...

Custom search filters for Anomali

Hello, Is it possible to configure the Anomali miner to allow for custom queries? For example, in threatstream, I like to search for the following string in Analyze -> Observables. How can I configure the anomali.opticAPI miner to allow for this? ((t...

otlaP5 by L0 Member
  • 1314 Views
  • 1 replies
  • 0 Likes

How to apply advanced filters for O365 API feeds?

Hi, We would like to retrieve IP addresses from O365, but only for a specific endpoint set (in that instance, endpoint set 56 which is related to O365 authentication (login.microsoft.com etc.), as you can see here: https://docs.microsoft.com/en-us/of...

Picheck by L0 Member
  • 1463 Views
  • 0 replies
  • 1 Likes

AutoFocus Miner problem

I am getting no indicators when I run an AutoFocus miner on an AutoFocus search to pull in the files my Firewalls submitted to Wildfire and did not block. The query I'm running is: {"operator":"all","children":[{"field":"sample.malware","operator":"i...


Minemeld URL whitelist wildcard

I'm finding some URLs populating in our URL blocklist that I would like to whitelist. I have already added my wlMiner, and manually added them to our aggregator. This works as expected, and removes the URLs. Problem is, I have to add the exact, full...

Sec101 by L4 Transporter
  • 1190 Views
  • 0 replies
  • 0 Likes

Resolved! Cannot retrieve indicators from FS-ISAC feed

I recently created a feed over at FS-ISAC for my organization, and I'm able to connect successfully from within MineMeld, however I am not receiving any indicators. My initial_interval is set to 30d and when I test using 'taxii-poll' from the shell I...

benime by L1 Bithead
  • 2942 Views
  • 2 replies
  • 0 Likes

Deploying Fresh install of Minemeld

After following the complete steps to install Minemeld on Ubuntu 14.04, I run into this error on the last command from this link for manual installation. https://live.paloaltonetworks.com/t5/MineMeld-Articles/Manually-install-MineMeld-on-Ubuntu-Server-14...

svacca by L1 Bithead
  • 4134 Views
  • 11 replies
  • 0 Likes

Resolved! Crazy Q... Minemeld on raspberry pi?

Has anyone been brave or bored enough to try to run MineMeld on a pi? I just tried it on Ubuntu 16, Ubuntu 18, Debian 9, CentOS7 and was unable to get any of them to successfully install. It seems to get close on Ubuntu 16 and 18 but after getting pas...

hshawn by L4 Transporter
  • 3681 Views
  • 2 replies
  • 1 Likes

Resolved! Polling JSON Format for Okta

I am trying to create a prototype for a Miner that pulls IPs from a JSON formatted file. I have looked at the documentation for setting up a JSON miner (https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-extract-indicators-from...

doliver1 by L0 Member
  • 7650 Views
  • 7 replies
  • 0 Likes

Resolved! Minemeld Proxy error

Hi, I've set up Minemeld to use the corporate proxies based on this thread and I'm still getting this error: "ConnectTimeout: HTTPSConnectionPool(host='www.dshield.org', port=443): Max retries exceeded with url: /block.txt (Caused by ConnectTimeoutErr...

otlaP5 by L0 Member
  • 3010 Views
  • 2 replies
  • 0 Likes

Azure deployment

I have attempted to install Minemeld into Azure using the provided instructions: https://live.paloaltonetworks.com/t5/MineMeld-Articles/Running-MineMeld-on-Microsoft-Azure/ta-p/78730 This is not currently working and neither is the Ansible install. T...

p768 by L0 Member
  • 1175 Views
  • 0 replies
  • 0 Likes

Experiencing issue with MineMeld fresh installs

Hi, Has anyone tried a fresh install of MineMeld recently? I'm getting issues with minemeld engine on Ubuntu 14 (using apt repo) and 16 (ansible). What I did was do an apt-get update && apt-get upgrade on both versions: From the console: minemeld-...

vedd3r by L2 Linker
  • 2624 Views
  • 1 replies
  • 3 Likes