Hi Luigi,
Did the fix make 8.0 GA, as I'm running into the same problem?
The MM lists are accessible via the browser, but I get an error from PAN-OS that they are not a text file. I have disabled the certificate profile, tried URLs, IP ranges & individuals (statics), but all display the same error. The MM engine log seems to be fine.
Bounced MM and firewall..
Thanks,
Tim
Hi all,
A customer of mine subscribes to a threat feed where they need to authenticate (using web form) to receive the inputs. Maybe I have missed this, but I couldn't see any predefined miners to achieve this?
Thanks,
Tim
Hi all,
I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators.
Here's my receive stats from the miner:
Here's the rule I'm trying to craft to extract the src_ip info..
Additionally, is it possible to extract the attacker IP from the WildFire submissions log? Looks like just threats and traffic. My use-case would be to capture attacker IPs for previously unknown samples where no further samples are seen and therefore the Threat WF sigs are not activated.
Thanks for the help.
Tim
Thanks Luigi, that's great
@lmori wrote:
Hi Tim,
currently (0.9.18) the only way to import indicators via CSV is to translate the file into YAML and then upload it via SFTP or via the MineMeld web API. I have opened an ER to support CSV upload: minemeld-core#30.
To change the confidence level of AF indicators you have to create a new prototype. That's easy:
1. Go to CONFIG > BROWSE PROTOTYPES and select the autofocus.exportList prototype
2. Click on NEW
3. Inside the prototype editor change the confidence level as in picture. In this case the confidence level has been increased to 80
4. Save the prototype by pressing OK
5. Use the new prototype to create a new node inside the config.
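The CSV-to-YAML translation Luigi describes (and the confidence override Tim asks about below) can be done with a short script before uploading the file. The following is an added example, not MineMeld's own code or anything from this thread: it reads a constructed CSV of indicators, validates each row (IP indicators must parse as an address or CIDR range, confidence must be 0-100, blank confidence falls back to a chosen default such as 80 instead of 75), and emits a YAML list. The attribute names `indicator`, `type`, `confidence` and `share_level` are assumed here to be what the local-DB upload expects; check them against your MineMeld version before uploading.

```python
import csv
import io
import ipaddress
import json

# Constructed sample input (not from the thread): one indicator per row.
# The last row is deliberately malformed to show that bad rows are reported,
# not silently uploaded.
SAMPLE_CSV = """indicator,type,confidence
198.51.100.7,IPv4,80
203.0.113.0/24,IPv4,60
evil.example,domain,
not-an-ip,IPv4,90
"""

# Indicator types accepted by this script (assumed subset of MineMeld's types).
ALLOWED_TYPES = {"IPv4", "IPv6", "domain", "URL"}


def validate_row(row, default_confidence=75):
    """Return a cleaned indicator dict, or raise ValueError for a bad row."""
    indicator = row["indicator"].strip()
    itype = row["type"].strip()
    if not indicator:
        raise ValueError("empty indicator")
    if itype not in ALLOWED_TYPES:
        raise ValueError(f"unknown type {itype!r} for {indicator!r}")
    if itype in ("IPv4", "IPv6"):
        # Accepts single addresses and CIDR ranges; anything else raises.
        net = ipaddress.ip_network(indicator, strict=False)
        if (net.version == 4) != (itype == "IPv4"):
            raise ValueError(f"{indicator!r} does not match type {itype}")
    conf_text = (row.get("confidence") or "").strip()
    confidence = int(conf_text) if conf_text else default_confidence
    if not 0 <= confidence <= 100:
        raise ValueError(f"confidence {confidence} out of range for {indicator!r}")
    return {"indicator": indicator, "type": itype, "confidence": confidence}


def csv_to_records(text, default_confidence=75):
    """Parse CSV text into (valid_records, error_messages)."""
    good, bad = [], []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        try:
            good.append(validate_row(row, default_confidence))
        except ValueError as exc:
            bad.append(f"line {lineno}: {exc}")
    return good, bad


def to_yaml(records, share_level="red"):
    """Render records as a YAML list; indicator values are JSON-quoted so
    characters such as ':' in URLs cannot break the document."""
    lines = []
    for rec in records:
        lines.append(f"- indicator: {json.dumps(rec['indicator'])}")
        lines.append(f"  type: {rec['type']}")
        lines.append(f"  confidence: {rec['confidence']}")
        lines.append(f"  share_level: {share_level}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Default confidence 80 here mirrors the prototype change in the reply above.
    records, errors = csv_to_records(SAMPLE_CSV, default_confidence=80)
    print(to_yaml(records))
    for err in errors:
        print("skipped:", err)
```

Run the script over your real CSV by replacing `SAMPLE_CSV` with the file contents; rows that fail validation are listed on stderr-style lines rather than ending up in the feed, which is the check you want before indicators reach a firewall EDL.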
Hi all,
Firstly, great work on MineMeld - it is fantastic!!! I have it working great for dynamic IP lists and AF export lists, but our customer would like to import Indicators from CSV. It doesn't look possible with current class/prototypes. Any suggestions? I could script the import to a hosted list, but kind of defeats the objective.
Additionally, is there a way to modify the confidence value of AF indicators (from the 75 default). Assume it's best to just manipulate on the output node?
Thanks,
Tim