How to filter O365 API feed?

lmori
L7 Applicator

Just merged the code: https://github.com/PaloAltoNetworks/minemeld-core/pull/340

It will be there in the next release (if you are not using the develop branch now)

mfepan
L1 Bithead

Hi Luigi

Great news! Do you know the release date of the next stable version which contains your new code?

Cheers Markus

mfepan
L1 Bithead

Hi Luigi

Is the stable release already available with the improvement of the filter?

Cheers Markus

lmori
L7 Applicator

@mfepan just released version 0.9.64 with the improved Miners. It adds new attributes terminating with _list that include all the values of that attribute in the different endpoints. You can use them with the filters to reliably detect specific ids, categories, required, etc. Example:

{
    "confidence": 100,
    "first_seen": 1565616931749,
    "last_seen": 1565616931749,
    "o365_category": "Allow",
    "o365_category_list": [
        "optimize",
        "allow"
    ],
    "o365_expressRoute": true,
    "o365_expressRoute_list": [
        "true"
    ],
    "o365_id": 6,
    "o365_id_list": [
        "1",
        "2",
        "5",
        "6"
    ],
    "o365_notes": "Exchange Online POP3 migration",
    "o365_notes_list": [
        "exchange online imap4 migration",
        "exchange online pop3 migration"
    ],
    "o365_required": false,
    "o365_required_list": [
        "false",
        "true"
    ],
    "o365_serviceArea": "Exchange",
    "o365_serviceArea_list": [
        "exchange"
    ],
    "o365_tcpPorts": "995",
    "o365_tcpPorts_list": [
        "995",
        "587",
        "143",
        "993",
        "443",
        "80"
    ],
    "o365_udpPorts_list": [],
    "share_level": "green",
    "sources": [
        "worldwide-any"
    ],
    "type": "IPv6"
}
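
Added example, not part of the original post and not MineMeld's own filter engine: a Python sketch of why matching on the `_list` attributes is more reliable than matching on the single-valued ones when an address appears in several endpoint sets. The helper names (`scalar_match`, `list_match`, `select`) are hypothetical, and the lowercase-string normalisation is an assumption taken from the sample indicator above.

```python
import json

# Constructed sample: the indicator from the post above, trimmed to the fields used here.
SAMPLE = json.loads("""
{
  "o365_category": "Allow",
  "o365_category_list": ["optimize", "allow"],
  "o365_id": 6,
  "o365_id_list": ["1", "2", "5", "6"],
  "o365_required": false,
  "o365_required_list": ["false", "true"],
  "o365_serviceArea": "Exchange",
  "o365_serviceArea_list": ["exchange"],
  "type": "IPv6"
}
""")


def _norm(value):
    # Assumption from the sample: *_list entries are lowercase strings
    # ("6", "true", "optimize"), so ints and booleans are normalised to match.
    return str(value).lower()


def scalar_match(indicator, attr, wanted):
    """Match on the single-valued attribute, which holds one endpoint's value only."""
    return _norm(indicator.get(attr)) == _norm(wanted)


def list_match(indicator, attr, wanted):
    """Match on <attr>_list, which holds the values from all endpoints."""
    return _norm(wanted) in indicator.get(attr + "_list", [])


def select(indicators, **criteria):
    """Keep indicators whose o365_<key>_list contains every wanted value."""
    return [
        ind for ind in indicators
        if all(list_match(ind, "o365_" + key, val) for key, val in criteria.items())
    ]


if __name__ == "__main__":
    print(scalar_match(SAMPLE, "o365_id", 1), list_match(SAMPLE, "o365_id", 1))
    print(len(select([SAMPLE], category="optimize", required=True)))
```

For the sample indicator, a check on `o365_id` for endpoint set 1 or on `o365_category` for "optimize" misses it, while the same checks on `o365_id_list` and `o365_category_list` find it.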

 

mfepan
L1 Bithead

Hi Luigi

Great, we will test it and let you know if everything works as expected.

Regards Markus
