LIVEcommunity - About tkirk

tkirk · ‎02-13-2017

Hi Luigi, Did the fix make 8.0 GA, as I'm running into the same problem? The MM lists are accessible via the browser, but I get and error from PAN-OS that they are not a text file. I have disabled the certificate profile, tried URLs, IP ranges & individuals (statics), but all display the same error. The MM engine log seems to be fine. Bouced MM and firewall.. Thanks, Tim

tkirk · ‎09-09-2016

Hi all, Has anyone tried installing MineMeld on Hyper-V, I know we support Azure but didn't know if it works on Hyper-V? Thanks, Tim

tkirk · ‎08-08-2016

Hi all, A customer of mine subscribes to a threat feed where they need to authenticate (using web form) to recieve the inputs. Maybe I have missed this, but I couldn't see any predified miners to achieve this? Thanks, Tim

tkirk · ‎07-22-2016

Working great. Thanks again Luigi. I think I have everything I need for now, so i shouldn't be hassling you for a while 🙂

tkirk · ‎07-22-2016

Hi all, I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators. Here's my recieve stats from the miner: Here's the rule I'm trying to craft to extract the src_ip info.. Additionally, is it possible to extract the attacker IP from the WildFire submissions log? Looks like just threats and traffic. My use-case would be to capture attacker IPs for previously unknown samples where no further samples are seen and therefore the Threat WF sigs are not activated. Thanks for the help. Tim

tkirk · ‎07-21-2016

Thank Luigi that's great @lmori wrote: Hi Tim, currently (0.9.18) the only way to import indicators via CSV is translate the file into YAML and then upload it via SFTP or via MineMeld web API. I have opened an ER to support CSV upload: minemeld-core#30. To change the confidence level of AF indicators you have to create a new prototype. That's easy: 1. Go to CONFIG > BROWSE PROTOTYPES and select the autofocus.exportList prototype 2. Click on NEW 3. Inside the prototype editor change the confidence level as in picture. In this case the confidence level has been increased to 80 4. Save the prototype bt pressing OK 5. Use the new prototype to create a new node inside the config.

tkirk · ‎07-19-2016

Hi all, Firstly, great work on MineMeld - it is fantastic!!! I have it working great for dynamic IP lists and AF export lists, but our customer would like to import Indicators from CSV. It doesn't look possible with current class/prototypes. Any suggestions? I could script the import to a hosted list, but kind of defeats the objective. Additionally, is there a way to modify the condifence value of AF indicators (from the 75 default). Assume it's best to just manipulate on the output node? Thanks, Tim

Member Since	‎02-28-2014 05:36 AM
Date Last Visited	‎01-31-2018 11:40 PM
Posts	8

Online Status	Offline
Date Last Visited	‎01-31-2018 11:40 PM

Re: EDL file empty?

MineMeld Hyper-V support

Authenticated threat feed - Miner node

Re: MineMeld syslog indicator rules

MineMeld syslog indicator rules

Re: EDL file empty?

MineMeld Hyper-V support

Authenticated threat feed - Miner node

Re: MineMeld syslog indicator rules

MineMeld syslog indicator rules

Re: MineMeld - CSV input feature

MineMeld - CSV input feature

Network Security

Cloud Security

Security Operations