cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About rchilukuri

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
rchilukuri
‎11-27-2018
since ‎08-25-2015
L1 Bithead
User Activity
User Profile
Latest posts by rchilukuri
View All
User Badges
Public Statistics
Date Registered ‎08-25-2015 10:31 AM
Date Last Visited ‎11-27-2018 11:54 AM
Total Messages Posted 4

Re: panos_syslog IP indicator - withdraw

by in MineMeld Discussions
‎02-17-2017 07:53 AM
‎02-17-2017 07:53 AM
  Getting,  Error validating, no "conditions" in rule Not able to apply the rule with out any conditions.   Need a rule to list and keep the IP indicators for 30 days or more.   ... View more

panos_syslog IP indicator - withdraw

by in MineMeld Discussions
‎02-15-2017 03:30 PM
‎02-15-2017 03:30 PM
  I am trying to create an IPv4 indicator list based on PAN-OS threat logs. Below is the rule code attached to the syslogminer class stdlib.syslogMiner.     RULE: age_out:    default: last_seen+30d    interval: 1800    sudden_death: false attributes:    confidence: 50    type: IPv4 conditions:    - type == 'THREAT' config:    share_level: green    fields: null indicators:    - src_ip   Unfortunately all the IP addresses are withdrawn.   15/2/2017 08:07:04 -0500 ThreatFeedMCGreen ACCEPT_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator 15/2/2017 08:07:04 -0500 ThreatFeedMCGreen RECVD_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator 15/2/2017 08:07:04 -0500 ThreatFeedMCRedWithValue ACCEPT_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator 15/2/2017 08:07:04 -0500 ThreatFeedMCRedWithValue RECVD_WITHDRAW 192.168.1.61-192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: inboundaggregator 15/2/2017 08:07:04 -0500 inboundaggregator EMIT_WITHDRAW 192.168.1.61-192.168.1.61 _updated: 1487160033902 confidence: 50 panossyslog_devices: ["001606041772"] _added: 1487158094654 sources: ["panos.syslog"] first_seen: 1487158094651 _id: 35c6d7da-0715-42db-8b7a-b873cbb07ff2 type: IPv4 last_seen: 1487160033901 15/2/2017 08:07:04 -0500 inboundaggregator ACCEPT_WITHDRAW 192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: panos-syslog-miner 15/2/2017 08:07:04 -0500 inboundaggregator RECVD_WITHDRAW 192.168.1.61 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 source_node: panos-syslog-miner 15/2/2017 08:07:04 -0500 panos-syslog-miner EMIT_WITHDRAW 192.168.1.61 _age_out: 1487163633901 confidence: 50 sources: ["panos.syslog"] first_seen: 1487158094651 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487160033901 15/2/2017 07:58:52 -0500 ThreatFeedMCRedWithValue DROP_UPDATE 213.211.198.62-213.211.198.62 confidence: 50 sources: ["panos.syslog"] first_seen: 1487159482831 panossyslog_devices: ["001606041772"] type: IPv4 last_seen: 1487163532361 source_node: inboundaggregator 15/2/2017 07:58:52 -0500 ThreatFeedMCRedWithValue RECVD_UPDATE 213.211.198.62-213.211.198.62 confidence: 50 sources: ["panos.syslog"] first_seen: 1487159482831 panossyslog_devices: ["001606041772"] type: I   ... View more

Minemeld High Availability

by in MineMeld Discussions
‎02-06-2017 01:53 PM
‎02-06-2017 01:53 PM
MineMeld needs to be deployed in a high availability model, so if one goes down firewall will not start blocking allowed traffic from the rule base. What is the recommendation here? ... View more

Feed / data control

by in MineMeld Discussions
‎02-06-2017 12:29 PM
‎02-06-2017 12:29 PM
Use Case: Ofice 365 Access Control   What happens if MineMeld deletes all the IPs from a feed, and the firewall sees there are no more IP’s from that feed. Will the traffic be blocked? What happens on the firewall if there is no data from a feed where there was data from the last time it pulled? Will it delete the local cached copy of the data and then result in the rule no longer working? ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎11-27-2018 11:54 AM
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks