This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About Sly_Cooper

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Sly_Cooper
‎10-29-2024
since ‎05-22-2012
L4 Transporter
User Activity
User Profile
Latest posts by Sly_Cooper
View All
User Badges
Community Statistics
Member Since ‎05-22-2012 01:08 AM
Date Last Visited ‎10-29-2024 02:35 PM
Posts 178
Total Likes Received 15

WildFire uploads stat

by in General Topics
‎12-12-2017 01:47 PM
‎12-12-2017 01:47 PM
Is there any way to know how many files were uploaded to wildfire portal? ... View more

Re: TAXII feed for SIEM

by in General Topics
‎12-12-2017 12:16 PM
‎12-12-2017 12:16 PM
@john_chua - I dont manage ESM. I provided the taxii based url to the guy managing ESM and we came up with the feed in ESM. ... View more

Re: Block all SSL versions?

by in General Topics
‎09-19-2017 11:45 AM
‎09-19-2017 11:45 AM
Traffic or Threat. I am looking at something like SMB where we now have apps for smb v1, v2 and v3. You can selectively block SMB v1 if needed. I am looking at blocking SSL v1, v2 and v3 even if the server supports it.  ... View more

Block all SSL versions?

by in General Topics
‎09-19-2017 09:10 AM
‎09-19-2017 09:10 AM
Is possible to block all SSL versions and configure TLS only access? ... View more

Re: SSH Brute Force and IP exception

by in General Topics
‎07-18-2017 10:46 AM
‎07-18-2017 10:46 AM
Isnt exception reverse of main action? Our threat profiles are configured with category High (server and client) as "Alert". We then configure exception for High severity signatures under Exception by "Enabling" particular signature and action as "reset, drop" etc. So basically I want this exception to have IP exempt for my egress ip address to NOT block. I think my logic is reverse and IP exempt is going to block the ip instead of providing exception? ... View more

SSH Brute Force and IP exception

by in General Topics
‎07-10-2017 02:16 PM
‎07-10-2017 02:16 PM
I have vulnerability profile with action for High severity signatures as "alert".  I then configured an exception for SSH Brute Force (ID 40015) as "block-ip, src and dst (30 mins)". Everything worked well until we had issues for the systems exiting from our own network and we had to provide an exception for our egress ip. We then added IP address exception under the signature matching our egress ip. Post this the signature stopped blocking SSH brute force attempts for rest of the world. Can someone please help me understand behavior of IP exception in this case? I need SSH brute force signature work for all ip addresses except my company's egress ip. ... View more

Re: Minemeld engine stopped - error starting engine

by in General Topics
‎05-04-2017 12:39 PM
‎05-04-2017 12:39 PM
@lmori - Requested files attached.     ... View more

Re: Minemeld engine stopped - error starting engine

by in General Topics
‎04-27-2017 02:25 PM
‎04-27-2017 02:25 PM
@lmori Here you go.   ubuntu@minemeld:~$ grep SUPERVISOR_URL /opt/minemeld/local/config/api/10-defaults.yml SUPERVISOR_URL: "unix:///var/run/minemeld/minemeld.sock" ubuntu@minemeld:~$ ls -la /var/run/minemeld/minemeld.sock srwx------ 1 minemeld minemeld 0 Apr 7 08:51 /var/run/minemeld/minemeld.sock ... View more

Re: Minemeld engine stopped - error starting engine

by in General Topics
‎04-27-2017 12:02 PM
‎04-27-2017 12:02 PM
@lmori - Sorry for the late response. Yes the file exists. ... View more

Re: Minemeld engine stopped - error starting engine

by in General Topics
‎04-07-2017 11:39 AM
‎04-07-2017 11:39 AM
@lmori - Whenever I clone the nodes, I see them in the config. Nothing happens post hitting commit. If i hit reload, then it loads the previously commit config and remove thes newly added nodes. How do I make sure the commit is working? Also the services are stopped. If I hit restart then I get internal server error. How do I get the engine started? API Logs attached. ... View more

Minemeld engine stopped - error starting engine

by in General Topics
‎04-07-2017 10:22 AM
‎04-07-2017 10:22 AM
I would like to create ipv4 output based on the aws ec2 and route 53 miners. I cloned miners, aggregator and output from prototypes. When I hit commit nothing happens. I can see the processes stopped under System. If I hit restart for the engine, I get Internal Server Error. I already tried by rebooting the server and tried the same. I have attached engine.log file. ... View more

Re: External Block List for matching objects in security and decryption policies

by in General Topics
‎03-14-2017 12:30 PM
‎03-14-2017 12:30 PM
Thank you all for the responses and sorry for the confusion. The name says "block list" however my use case was to use it just like a group in security and/or decryption policies. The issue is mainly with the decryption policies as even with "no-decrypt" policy, the  traffic is getting decrypted. At the same time, the firewall can poll the ip addresses fine external web server to populate dynamic block list (to rule out objects in the group). Further troubleshooting revealed that the normal "no-crypt" policy is not working however if I negate the same group in "decrypt" policy, it works fine. I have a case open with support as well. ... View more

Re: User-ID. Is WMI really needed?

by in General Topics
‎03-06-2017 08:49 AM
‎03-06-2017 08:49 AM
We had lot of agent stability issue when we started with firewalls ~3 years back. One of the suggestions over troubleshooting by support was to disable WMI. ... View more

External Block List for matching objects in security and decryption policies

by in General Topics
‎03-06-2017 08:46 AM
‎03-06-2017 08:46 AM
Hi,   We have few use cases around dynamically block list (dynamic update for us) however we would like to use it to identify and "allow" apps rather than "block". Considering it is just a group with objects which are dynamically populated based on url, i think it will work. We would like to provide ssh-proxy exception based on the dbl. Strangly even afer exception policy, the firewall was decrypting the traffic. There was no policy above this policy to match destination. I moved to the policy on the top and it started working. Now I added one more external block list group in the same policy, and the firewall started decrypting traffic. Any suggestions ... View more

Re: Updated Ubuntu now cannot login

by in General Topics
‎02-14-2017 08:07 AM
‎02-14-2017 08:07 AM
I have not yet updated the OS. Is there any specific process to follow or will it be standard ubuntu upgrade. Just want to make sure that it does not break Minemeld. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-29-2024 02:35 PM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks