This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About tkirk
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About tkirk
01-31-2018
8Posts
0Likes
0Solutions
Jan 31, 2018Last Visited
User
Activity
User
Profile
Latest posts by tkirk
| Subject | Views | Posted |
|---|---|---|
| 12867 | 02-13-2017 09:10 PM | |
| 2796 | 09-09-2016 03:21 AM | |
| 4158 | 08-08-2016 01:41 AM | |
| 9142 | 07-22-2016 05:32 AM | |
| 9194 | 07-22-2016 03:53 AM | |
| 15228 | 07-21-2016 11:39 AM | |
| 16365 | 07-19-2016 07:40 AM |
User Badges
Community Statistics
| Member Since | 02-28-2014 05:36 AM |
| Date Last Visited | 01-31-2018 11:40 PM |
| Posts | 8 |
02-13-2017
09:10 PM
Hi Luigi,
Did the fix make 8.0 GA, as I'm running into the same problem?
The MM lists are accessible via the browser, but I get and error from PAN-OS that they are not a text file. I have disabled the certificate profile, tried URLs, IP ranges & individuals (statics), but all display the same error. The MM engine log seems to be fine.
Bouced MM and firewall..
Thanks,
Tim
... View more
09-09-2016
03:21 AM
Hi all,
Has anyone tried installing MineMeld on Hyper-V, I know we support Azure but didn't know if it works on Hyper-V?
Thanks,
Tim
... View more
08-08-2016
01:41 AM
Hi all,
A customer of mine subscribes to a threat feed where they need to authenticate (using web form) to recieve the inputs. Maybe I have missed this, but I couldn't see any predified miners to achieve this?
Thanks,
Tim
... View more
07-22-2016
05:32 AM
Working great. Thanks again Luigi. I think I have everything I need for now, so i shouldn't be hassling you for a while 🙂
... View more
07-22-2016
03:53 AM
Hi all,
I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators.
Here's my recieve stats from the miner:
Here's the rule I'm trying to craft to extract the src_ip info..
Additionally, is it possible to extract the attacker IP from the WildFire submissions log? Looks like just threats and traffic. My use-case would be to capture attacker IPs for previously unknown samples where no further samples are seen and therefore the Threat WF sigs are not activated.
Thanks for the help.
Tim
... View more
07-21-2016
11:39 AM
Thank Luigi that's great
@lmori wrote:
Hi Tim,
currently (0.9.18) the only way to import indicators via CSV is translate the file into YAML and then upload it via SFTP or via MineMeld web API. I have opened an ER to support CSV upload: minemeld-core#30.
To change the confidence level of AF indicators you have to create a new prototype. That's easy:
1. Go to CONFIG > BROWSE PROTOTYPES and select the autofocus.exportList prototype
2. Click on NEW
3. Inside the prototype editor change the confidence level as in picture. In this case the confidence level has been increased to 80
4. Save the prototype bt pressing OK
5. Use the new prototype to create a new node inside the config.
... View more
07-19-2016
07:40 AM
Hi all,
Firstly, great work on MineMeld - it is fantastic!!! I have it working great for dynamic IP lists and AF export lists, but our customer would like to import Indicators from CSV. It doesn't look possible with current class/prototypes. Any suggestions? I could script the import to a hosted list, but kind of defeats the objective.
Additionally, is there a way to modify the condifence value of AF indicators (from the 75 default). Assume it's best to just manipulate on the output node?
Thanks,
Tim
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks