Replacing office 365 from XML and RSS with Restful API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Replacing office 365 from XML and RSS with Restful API

L2 Linker

Hi all, 

 

In view of the changes Microsoft is going to make in future as describe in the following link, would the current miner for O365 still works?

 

https://support.office.com/en-gb/article/managing-office-365-endpoints-99cab9d4-ef59-4207-9f2b-3728e...

 

 

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @chtoh82,

the new MSFT API is not production-ready yet. But we have already implemented the Miner for it:

https://github.com/PaloAltoNetworks/minemeld-core/issues/267

 

We will include it in a new release early next week.

 

luigi

View solution in original post

12 REPLIES 12

L7 Applicator

Hi @chtoh82,

the new MSFT API is not production-ready yet. But we have already implemented the Miner for it:

https://github.com/PaloAltoNetworks/minemeld-core/issues/267

 

We will include it in a new release early next week.

 

luigi

Thanks! Looking forward to it!

Hi Luigi, as i can see the prototype for those miners based on China, Gemany, US and worldwide are still in experimental. May I know whether we already mined and feeding those IP and domains to the O365 output? Thanks.

I tested the O365-API worldwide miner on the AF hosted minemeld:

# HTTPError: 400 Client Error: Bad Request


2018-08-16T11:00:52 (12932)basepoller.hup INFO: O365-Worldwide-Any-Service - hup received, force polling
2018-08-16T11:00:52 (12932)basepoller._huppable_wait INFO: hup is clear: False
2018-08-16T11:00:52 (12932)basepoller._actor_loop INFO: O365-Worldwide-Any-Service - command: 1534417252635 poll
2018-08-16T11:00:52 (12932)basepoller._polling_loop INFO: Polling O365-Worldwide-Any-Service
2018-08-16T11:00:52 (12932)connectionpool._new_conn INFO: Starting new HTTPS connection (1): endpoints.office.com
2018-08-16T11:00:52 (12932)basepoller._poll ERROR: Exception in polling loop for O365-Worldwide-Any-Service: 400 Client Error: Bad Request
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 721, in _poll
performed = self._polling_loop()
File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/basepoller.py", line 571, in _polling_loop
iterator = self._build_iterator(now)
File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/o365.py", line 352, in _build_iterator
latest_version = self._check_version()
File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/minemeld/ft/o365.py", line 252, in _check_version
r.raise_for_status()
File "/opt/minemeld/engine/0.9.46/local/lib/python2.7/site-packages/requests/models.py", line 851, in raise_for_status
raise HTTPError(http_error_msg, response=self)
HTTPError: 400 Client Error: Bad Request
2018-08-16T11:00:55 (12932)basepoller._polling_loop INFO: Polling O365-Worldwide-Any-Service
2018-08-16T11:00:55 (12932)connectionpool._new_conn INFO: Starting new HTTPS connection (1): endpoints.office.com
2018-08-16T11:00:55 (12932)basepoller._poll ERROR: Exception in polling loop for O365-Worldwide-Any-Service: 400 Client Error: Bad Request

 

Before posting this I tried China too, no difference. They all error out on the same thing.

Same behavior on my MM.

Hi @Fille01,

 

new O365 API Miners were officialy released with MineMeld version 0.9.50. Please, update your MineMeld instance before using the provided configuration files.

Hello,

 

I used the AF hosted minemeld. However I changed to hosting one myself and that was updated, works OK.

I also caught up with this 400 client error:bad request after replacing the scripts. I couldn't find version upgrade option in autofocus minemeld, can you share the link.

 

 

 


@RamBalaji wrote:

I also caught up with this 400 client error:bad request after replacing the scripts. I couldn't find version upgrade option in autofocus minemeld, can you share the link.

 

 


I am pretty sure there is none.

Hi @RamBalaji,

which version of MineMeld for Autofocus are you running? Is it possible that you are running on version 0.9.46?

 

If that's the case you can upgrade MineMeld by going to Apps, stop MineMeld and restart it. DO NOT RESET!!

It's always better to do a full backup of MineMeld before doing a restart (under the tab SYSTEM).

 

I can confirm that this solution works! It upgraded to 0.9.50 and o365 miner works.

  • 1 accepted solution
  • 14813 Views
  • 12 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!