MineMeld Discussions
About MineMeld Discussions

Welcome to the MineMeld discussion forum. Please feel free to ask questions and engage with other community members. Ideas, questions, research, and observations regarding MineMeld are all actively encouraged.

Note: Participation in the discussion forum requires a Live Community account. Registration is free and easy! Simply click here to sign up.

Forum Posts

Deploying Minemeld Using Vagrant and Virtualbox

Hello All, Based on @lmori's great guide for doing a manual install of Minemeld on Ubuntu 14.04, I have taken his configurations and wrapped them in a Vagrantfile for easy foolproof deployment of Minemeld. It's a simple 3 step process: Install latest...

nbilal by L3 Networker
  • 10011 Views
  • 2 replies
  • 9 Likes

Resolved! feed authentication with PAN-OS 8.0

I have enabled feed authentication on our MineMeld Server: https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Minemeld-Feed-Password-OR-api-security/td-p/131716 I did a quick test with curl and it works as I expected. Unfortunately our PAN FW ...

faeppli by L1 Bithead
  • 2911 Views
  • 2 replies
  • 0 Likes

Resolved! Proper procedure for updating an extension

I tried this and it seemed to work, just want to be sure it is the right procedure. 1. Disable/delete existing extension wheel 2. Upload/activate updated extension wheel Is there any negative impact on the nodes using the prototypes and classes of th...

Drop_update

Hi, I've just created a new node and I'm seeing events such as: DROP_UPDATE on aggregator type. My miner has all domain list but the aggregator has this message with "drop_update", do you know it??? Why??? Thanks a lot

SantiBT by L2 Linker
  • 2391 Views
  • 5 replies
  • 0 Likes

Integrate with MISP

Hi all, Do you know something sample about integration with MISP (Malware Information share platform)??? So another question is about scripts, can I launch a script into config a new prototype? If I've created a new prototype I set a url option...can...

SantiBT by L2 Linker
  • 6500 Views
  • 19 replies
  • 0 Likes

Minemeld behind corporate proxy

Following all the requirements for proxy configuration - https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Minemeld-with-Proxy/m-p/77356/highlight/true#M85 I can perform a curl request, for example curl https://www.spamhaus.org/drop/edrop.txt ...

calamari by L1 Bithead
  • 3794 Views
  • 5 replies
  • 0 Likes

MineMeld real-world usage to reduce threats?

So far I'm using MineMeld to pull Dshield and Spamhaus feeds to use to block inbound connections to our internet facing servers. Whilst there are loads of miners I'd love to know which ones people have found "safe" enough to use on production inbound...

Resolved! "enhanced" YouTube Miner and Age_Out problem

I have rewritten the available YouTube Miner (https://github.com/PaloAltoNetworks/youtube-miner) since it only mines the first 30 Videos from a user. It now uses the YouTube API (so you need an API Key) and it mines all videos in a playlist (playlist...

faeppli by L1 Bithead
  • 1926 Views
  • 3 replies
  • 0 Likes

panos_syslog IP indicator - withdraw

I am trying to create an IPv4 indicator list based on PAN-OS threat logs. Below is the rule code attached to the syslogminer class stdlib.syslogMiner. RULE: age_out: default: last_seen+30d interval: 1800 sudden_death: false attributes: confidence: 50 ...

Create a miner to mine from Autofocus MineMeld

Hi, with the release of PANOS 8.0, Autofocus will have a minemeld built in. May I know if we can have an on-premise minemeld to fetch the feeds from the Autofocus Minemeld? I tried to grab the minemeld feeds but it shows me unauthorized access. Do we ...

yctan by L2 Linker
  • 2731 Views
  • 3 replies
  • 0 Likes

Minemeld stuck after reboot

I deployed Minemeld several times and everything is running fine. But when I reboot Minemeld I get stuck in the boot procedure. First it hangs for 120 seconds: Cloud-init-nonet[14.62]: waiting 120 seconds for network devices. after 120 seconds: Stop...

Testing TAXII output using Postman.

Hi Minemeld Team, I have tried using the below Postman collection link and imported it to my Postman. The output is shown in the attachment. I'd like to know whether the output is exactly what I should see or I am doing it wrongly. Please advise. https://gist.github.co...

dkoh by L2 Linker
  • 2283 Views
  • 1 replies
  • 0 Likes

Minemeld High Availability

MineMeld needs to be deployed in a high availability model, so if one goes down firewall will not start blocking allowed traffic from the rule base. What is the recommendation here?
